|
Authored by: globularity on Friday, October 12 2012 @ 04:08 AM EDT |
No to boot a kernel signed by someone else requires no physical presence. Worse
still it could prevent you booting a known good kernel from read only media to
verify the integrity of the system. The user has no idea where the Microsoft
keys have been. UEFI is easily changed and plenty big enough to hide all manner
of spyware How can you be sure that SHA of UEFI stored on the hard disk wasn't
modified to suit the Special UEFI some agency just installed
Imagine you get stopped at Airport security and they take your laptop on
whatever pretext, would UEFI give you any piece of mind when it was returned? I
would have far more trust in a system running DOS with a soldered in EPROM, just
boot a good copy of DOS from a floppy and you most likely have an accurate view
of the machine.
---
Windows vista, a marriage between operating system and trojan horse.[ Reply to This | Parent | # ]
|
|
|
|
|