Main Area and Open Discussion > General Software Discussion
How-to on taking ownership of your new UEFI equipped PC
40hz:
Not end-user-simple, but the steps are pretty logical?
-f0dder (February 17, 2013, 03:46 PM)
--- End quote ---
Agree. But it is much more complex (and manufacturer/model dependent) than I would have wished.
They have so very much to 'show' us...
Especially since it's so unnecessary to implement it the way they have. And how effective SB will be still remains to be seen. I suspect it will only be temporarily effective against the 'cookbook' malware composers and the hax0r/script-kiddie types. I'm pretty sure all it will do to the professional bad guys is make some extra work for them. (Although I wouldn't mind being completely wrong on that point. There are still some things I don't want to be right about. :mrgreen:)
I expect my Linux cohorts will be walking a lot of newer users through it slowly - and probably just "doing it for" most Linux newbies and first-time adopters.
So it goes. :-\
Curt:
it doesnt win any prizes for accessibility :) -tomos (February 18, 2013, 12:14 PM)
--- End quote ---
My problem was with the sentence: >even if you only ever plan to run Windows<.
1) It is very clumsy English.
2) A computer can officially only run Windows 8 if it has the very same "new UEFI secure boot platform",
so it doesn't matter what else I might be planning, if my plans included Win 8
40hz:
it doesnt win any prizes for accessibility :) -tomos (February 18, 2013, 12:14 PM)
--- End quote ---
My problem was with the sentence: >even if you only ever plan to run Windows<.
1) It is very clumsy English.
2) A computer can officially only run Windows 8 if it has the very same "new UEFI secure boot platform",
so it doesn't matter what else I might be planning, if my plans included Win 8
-Curt (February 18, 2013, 04:35 PM)
--- End quote ---
@Curt - Since I'm a grandmaster of writing overly wordy and clumsy English, you have my sympathies. ;D
And you are correct. Just removing the word "ever" from the sentence would make it clearer and less clumsy...
even if you only ever plan to run Windows
Or you could mentally restructure it to read:
even if Windows is all you ever plan on running
Unfortunately for you Curt, you probably have a better grasp of proper English than many who speak it natively. Try not to let our use (and misuse) of the language drive you too crazy. ;D :Thmbsup:
Curt:
-thanks, 40hz.
I re-edited my initial text right before posting because I suddenly felt too pettiness minded. My first post included these sentences of mine:
">even if you only ever plan to< is not proper use of the word "ever"! I have several translation programs to back up my accusation, because none of them will translate the quoted sentence the way it was intended by the original author. Not one of them!-Curt
--- End quote ---
-but then I deleted it, because I felt I was pouring water over a goose. I guess I still am. ;D
f0dder:
Especially since it's so unnecessary to implement it the way they have. And how effective SB will be still remains to be seen.-40hz (February 18, 2013, 03:34 PM)
--- End quote ---
Unnecessary? The overall design is actually pretty open and flexible. If you want a trusted boot sequence, it could be done a helluva lot worse. Yes, the UX is clumsy, but (for UEFI implementations that do have key management features), you actually have full control and quite a bit of flexibility, and you aren't limited to One Master Key To Bind Them.
As for effectiveness, we'll see indeed. There's no such thing as perfect security, and if you can escalate your exploit-code to kernelmode you'll probably be able to defeat SecureBoot easily. And UEFI is a big and complex beast, so there's probably exploitable bugs in it. But the key architecture seems sound, and security is about a mix of breadth and depth - and SB does raise the bar against pre-OS attacks.
I do predict a lot of people are going to work hard on attacking it, though, since it's such a hated featured and high-profile target.
A computer can officially only run Windows 8 if it has the very same "new UEFI secure boot platform", so it doesn't matter what else I might be planning, if my plans included Win 8
-Curt (February 18, 2013, 04:35 PM)
--- End quote ---
While UEFI+SB might be a requirement to get the "designed for windows 8" certification, Win8 works just perfectly without SecureBoot, and it doesn't need UEFI either, works fine with BIOS booting.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version