|
Authored by: hardmath on Friday, June 08 2012 @ 05:37 PM EDT |
Just speculating here:
When they talk about a bootloader being "signed with a MS key", I
suspect a public key encryption scheme is involved.
That is, the UEFI bios has a public key to decrypt something encrypted with MS's
private key, such that if the decryption produces an "acceptable"
result (which might be anything on a whitelist or other publicly viewable set of
"known good" results), then the UEFI bios hands control over to that
bootloader.
Nothing about the signing or decryption requires Microsoft to reveal their
private key. Should it happen, then of course one might have a large scale
problem of bogus signings of bootloaders to deal with. But getting Microsoft to
sign your bootloader would not empower you to reveal their private key.
--hm
---
"Prolog is an efficient programming language because it is a very stupid theorem
prover." -- Richard O'Keefe[ Reply to This | Parent | # ]
|
|
|
|
|