From: "Anonymous Remailer (austria)"
Comments: This message did not originate from the Sender address above. It was remailed automatically by anonymizing remailer software. Please report problems or inappropriate use to the remailer administrator at .
To: freebsd-questions@freebsd.org
Message-ID: <6782343018e8928084925565b6f2bc33@remailer.privacy.at>
Date: Thu, 7 Jun 2012 15:43:45 +0200 (CEST)
Subject: Re: UEFI Secure Boot Specs - And some sanity

> > Isn't there a lot of needless handwaving going on when the spec is
> > pretty clear that installing your own complete PKI tree will all
> > boil down to what is effectively a jumper on the motherboard?

No, considering 99.99% of current Windows victims can't even install a fresh copy of Windows.

> > Users could fully utilize the UEFI Secure Boot hardware by say:
> >
> > - Using openssl to generate their keys
> > - Jumper the board, burn it into the BIOS in UEFI SB SetupMode
> > - Have all the MBR, slice, partition, installkernel, etc tools
> >   install and manage the signed disk/loader/kernel/module bits
> > - Have the BIOS check sigs on whatever first comes off the media

Yeah that's trivial for 99.99% of users. I have no idea what everyone is on about. I just program my own PROM and make my own motherboards.

Now back to reality, most people don't know how to use openssl. They don't want to break the seal on their PC and void the warranty. They don't want to play with jumpers. They don't know how to use Linux fdisk or BSD disklabel. They can't set up their BIOS. They may not be the typical BSD or Linux poweruser but they represent most users. And sadly even a significant percentage of BSD and even a more significant percentage of Linux users (thank you Ubuntu) aren't capable of doing these things.

> > And if they really were that dumb, there's Gigabyte, Asus, Msi,
> > Supermicro, Biostar, etc who will not be so dumb and will soak up
> > all the remaining sales gravy.

We're going to see if that happens but it won't. The WinTel Mafia controls more than what you think and these vendors know they get many magnitudes more money from selling Windows commodity shitboxes than they ever will from all the BSD and Linux users multiplied together.
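
The "generate their keys" and "check sigs" steps of the quoted procedure, as an added example that is not part of the original message or of any FreeBSD tool: it creates one self-signed certificate per Secure Boot role with openssl, signs a stand-in loader with the db key, and shows that a modified image no longer verifies. Assumptions: the function names, file names, certificate subjects and the loader blob are constructed, and a detached RSA/SHA-256 signature stands in for the Authenticode check real firmware performs; enrolling the keys in SetupMode is not shown.

```shell
#!/bin/sh
# Constructed demo: file names, subjects and the "loader" blob are made up.
# Real UEFI firmware checks Authenticode signatures on PE/COFF images against
# the db variable; a detached RSA/SHA-256 signature stands in for that here.

# make_keys DIR: one self-signed cert + private key per role (PK, KEK, db).
make_keys() {
    dir=$1
    for role in PK KEK db; do
        openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
            -subj "/CN=example owner $role/" \
            -keyout "$dir/$role.key" -out "$dir/$role.crt" 2>/dev/null || return 1
    done
}

# sign_image DIR FILE: sign FILE with the db key, writing FILE.sig.
sign_image() {
    openssl dgst -sha256 -sign "$1/db.key" -out "$2.sig" "$2"
}

# verify_image DIR FILE: succeed only if FILE.sig matches FILE under db.crt.
verify_image() {
    openssl x509 -in "$1/db.crt" -pubkey -noout > "$1/db.pub" || return 1
    openssl dgst -sha256 -verify "$1/db.pub" -signature "$2.sig" "$2" \
        >/dev/null 2>&1
}

demo() {
    work=$(mktemp -d) || return 1
    make_keys "$work" || return 1
    printf 'constructed stand-in for a boot loader\n' > "$work/loader.bin"
    sign_image "$work" "$work/loader.bin" || return 1
    verify_image "$work" "$work/loader.bin" && echo "signed loader: accepted"
    printf 'x' >> "$work/loader.bin"    # change the image after signing
    verify_image "$work" "$work/loader.bin" || echo "modified loader: rejected"
    rm -rf "$work"
}

demo
```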