On Friday 08 Jun 2012 20:43:10 Jim Henderson wrote:
On Fri, 08 Jun 2012 22:29:22 +0200, Graham Anderson wrote:
Additionaly, I reject the premise that this new form of restrictions is related to security. UEFI code will be permanently running on any machine that implements it and of course it will be running at level that even your OS will be have to obey. And of course it's all proprietary.
Well, I think whether it's about security or not is debatable (but not actually relevant in the end - because it's coming and that's how it's being /sold/ to the mass market).
The original paladium (TPM) chips were seen as inevitable, and while they have made their way onto many boards that corporations and governments buy (because of the obvious implications of lockdown) these chips have not seen much penetration outside the paranoia of large industry. That in itself is quite amusing because the alleged security that TPM provided, has never come to pass. The penetration of corporate and government networks that specifcy having a TPM chip should raise flags to just about anyone except maybe those that frequent the South China Sea near Taiwan. A few years on and now we have son of paladium, and that's TPM+UEFI. The hope is that there can be control or monitoring or shutdown of "unauthorised software". It's frankly a pipe dream. And on matters of trust we just have to look to the recent CA's that issue generic certs for cash. And that's just the cheap wankers, flame authors are desperately and efficiently covering their tracks even with government backing. So i ask you again. Do you really want your bootloader and kernel to only be "authorised" by the likely candidates that will crack your system for political or monitary gain? Cheers the noo, G