Date: Fri, 15 Jun 2012 02:23:29 +0200
From: "C. P. Ghost" <cpghost@cordula.ws>
To: grarpamp <grarpamp@gmail.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: UEFI Secure Boot Specs - And some sanity
Message-ID: <CADGWnjU3qkSKGWDUjGwroXXLd_=auWvmfWKy%2B8kqzj5r2oGmeg@mail.gmail.com>
In-Reply-To: <CAD2Ti29q6ij5Xht587_7gmDs%2BsWfStST=4C5abiF=Cg7FXi%2Byg@mail.gmail.com>
References: <CAD2Ti2_SHrW5U3FM5FDuuddkBijKs_z%2BnsaViQBT6uF9X3b8Eg@mail.gmail.com> <201206081611.q58GBW0J097808@fire.js.berklix.net> <CAD2Ti29q6ij5Xht587_7gmDs%2BsWfStST=4C5abiF=Cg7FXi%2Byg@mail.gmail.com>

On Sat, Jun 9, 2012 at 12:17 AM, grarpamp <grarpamp@gmail.com> wrote:
> I did say "effectively". If people would actually read that chapter
> in the spec (minimally 27.5) they would find that they can:
> - Load a new PK without asking if in default SetupMode
> - If not in SetupMode, chainload a new PK provided it is
> signed by the current PK.
> - Clear the PK in a 'secure platform specific method'.

Only if they fully follow the spec. This is rather unlikely.

Even today, there are still many broken DMI/SMBIOS tables
out there that contain barely enough stuff for Windows to boot
successfully. What makes you think UEFI BIOS makers will go
to all the trouble to implement such a complex spec, if all they have
to do is to ensure compliance with MS requirements?

I wouldn't count on an option or switch to override this system.
Technically, we may very well have to replace the BIOS, or even
the BIOS chip itself (that'll be fun if it is physically mounted on the
board!), and replace it with a chip flashed with a free BIOS.

And by then, the corps who are responsible for this UEFI mess
will have made it illegal to
1. tinker with your own hardware, as it would be DRM circumvention and
2. implement a free UEFI BIOS as it would violate some UEFI patents.

Basically, we may end up in a situation where running FreeBSD
on a modified motherboard could be outright illegal. Which is
exactly the point, isn't it?

-cpghost.

--
Cordula's Web. http://www.cordula.ws/