Page 2 of 2 FirstFirst 12
Results 11 to 18 of 18

Thread: UEFI SecureBoot Comes To QEMU-KVM

  1. #11
    Join Date
    Mar 2011
    Posts
    71

    Default

    Quote Originally Posted by TobiSGD View Post
    They do not need to. Ubuntu/Canonical have made their own key for their bootloader/kernel to be able to run on machines with Secure Boot and the Ubuntu key. Fedora has bought the right to use a Microsoft key, just for convenience, because basically every motherboard will ship with this key. This way they don have to convince the hardware manufacturers to use their key, unlike Canonical.
    I don t know.
    Hardware manafacturers chooses which keys are installed .The user key is not pre installed on motherboards.
    The manufacturers chooses which keys are installed by default.The user must contact the manufacturer to install your custom key.This is not a good thing.

  2. #12
    Join Date
    Apr 2012
    Location
    Germany
    Posts
    205

    Default

    Quote Originally Posted by lapis View Post
    I don t know.
    Hardware manafacturers chooses which keys are installed .The user key is not pre installed on motherboards.
    The manufacturers chooses which keys are installed by default.The user must contact the manufacturer to install your custom key.This is not a good thing.
    The user will be able to install own keys without contacting the manufacturer. This is one of the requirements for the Windows 8 logo. The Ubuntu/Fedora thing is only about pre-installed keys, not the user keys. They just want the convenience that the user does not have to do this for Ubuntu/Fedora.

  3. #13
    Join Date
    Jan 2011
    Posts
    193

    Default

    Quote Originally Posted by lapis View Post
    Why ubuntu and red hat need to buy a key ?
    1. It makes it easier for them to use a KEK that they already know will be included. It's also easier for they user if the default install does not require fussing about with cryptography

    2.Some poor implementations may only include that key and no easy method to enter the platform setup mode, or add an exempted key.

  4. #14
    Join Date
    Mar 2011
    Posts
    71

    Default

    Quote Originally Posted by WorBlux View Post

    2.Some poor implementations may only include that key and no easy method to enter the platform setup mode, or add an exempted key.

    In this case ,a exception system can be very good.We cannot trust always on manufacturers.

  5. #15
    Join Date
    Apr 2012
    Location
    Germany
    Posts
    205

    Default

    Quote Originally Posted by WorBlux View Post
    2.Some poor implementations may only include that key and no easy method to enter the platform setup mode, or add an exempted key.
    May sound ironically, but in that case one should look for the Windows 8 logo on the box. The logo requires that the system can be set to setup mode and that it is possible to add keys.

  6. #16
    Join Date
    Mar 2011
    Posts
    71

    Default

    Quote Originally Posted by TobiSGD View Post
    May sound ironically, but in that case one should look for the Windows 8 logo on the box. The logo requires that the system can be set to setup mode and that it is possible to add keys.

    ARM is not possible to do this I think.

  7. #17
    Join Date
    Jan 2011
    Posts
    193

    Default

    Quote Originally Posted by lapis View Post
    ARM is not possible to do this I think.
    But their calling windows 8, windows RT when on an ARM device. But yes ARM will be locked down.

  8. #18
    Join Date
    Oct 2008
    Posts
    3,137

    Default

    Quote Originally Posted by lapis View Post
    ARM is not possible to do this I think.
    Correct, although lots of ARM devices are already locked down so it's nothing new in that area other than Windows has been ported to it.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •