 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
On Thu, Nov 1, 2012 at 4:02 PM, Rich Pieri <richard.pieri at gmail.com> wrote: > This is a lie. Harsh. Not all errors are lies. Sometimes people are just wrong without malice. Writing is an inexact science. Sometimes editing for style destroys accuracy, even with formerly technical people doing it. The statement is closer to the UEFI's (failed) intent than it's (actual) result, but is not phrased thus, so it is false in detail. > I didn't read the rest of the article. Your loss. If your point is it only prevents execution of unsigned bootloaders, you are correct. The rest of the article explains that. Since you already knew that, no loss to you perhaps. The intent of course is to prevent installing malware, Hackintosh, Linux, and *BSD. But no one expects it will prevent VMware, IBM, HP, Oracle from shipping ESX RHEL OEL Solaris86 to their commercial server customers. So far I've seen PLANS by top distros and the Foundation to buy a Key from M$. I will be happy when i see evidence they've received the goods. Will MS accept their money, or make some excuse to defend their monopoly? The wrong sentence we should take exception to is Bottomley noted that this pre-bootloader ?provides no security enhancements over booting linux with UEFI secure boot turned off,? This does not seem true, since it will require a user acceptance of an unsigned 2nd load, it will provide a bar to programatic reboot to elevate privilege by starting unattended install or installing a malware hypervisor when rebooting with a USB/DVD mounted. I won't call that a lie either, it's just sloppy thinking. Sounds like for SERVERS (that we often want to reboot remotely or automatically) we either need to turn UEFI SecureBoot off in the mobi FLASH UEFI settings OR stick to distros that have their own purchased signatures. Servers mostly use the big three or their derivatives anyway, but Debian still has some % of server share, this may push them to Ubutu's Server spin. -- Bill @n1vux bill.n1vux at gmail.com
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
