[ale] Linux on UEFI mother boards

Michael B. Trausch mbt at naunetcorp.com
Tue Sep 24 20:42:07 EDT 2013


On 09/24/2013 07:59 PM, JD wrote:
> I don't think of UEFI as a bad thing, it is just a new thing.  GPT partitioning
> is definitely a great thing and Windows requires UEFI to make use of it.

It is definitely superior to BIOS---it gives the user a fully-functional
pre-boot environment.  It's not exactly as easy as Linux to write
software for, but you can somewhat easily write software with it once
you have the appropriate SDK installed, and that means that one can
write very low-level, special-purpose firmware drivers and diagnostic
utilities to accompany them.

One nifty thing is that it is possible for e.g., a business or school to
use Secure Boot plus free software to create an environment which is
essentially self-proving: any system where the trust chain from the
firmware to the operating system is broken will not boot---the
assumption being that if this invariant is violated, the system must
have been compromised.  (Of course, this means that a bug in an update
that fails to update the appropriate signatures will cause a broken
system, but hopefully operating system vendors test all of their updates
before sending them out.)

It would make it possible to deploy a large network of systems and have
a system that operates at the layer of firmware that helps to extend
already-existing network infrastructure (e.g., Kerberos) right on down
to the hardware layer.  It also makes it possible to enforce very
fine-grained policies: "only the proved hardware with these serial
numbers are allowed to access this resource" is a policy that becomes
provably enforceable in such an environment.  This is not a bad thing.

    --- Mike

-- 
Michael B. Trausch
President, *Naunet Corporation*
(678) 287-0693 x130 or (855) NAUNET-1 x130
FAX: (678) 783-7843
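
Added example, not part of the original message: a toy model of the firmware-to-operating-system trust chain described above. The firmware's allowlist of SHA-256 digests stands in for Secure Boot's signature checks, and all names and images are constructed. It shows an intact chain booting, a modified bootloader being refused, and an update that replaces the kernel without refreshing the allowlist leaving the system unbootable.

```python
import hashlib

def digest(image: bytes) -> str:
    """SHA-256 of a boot image, used here in place of a real signature check."""
    return hashlib.sha256(image).hexdigest()

def first_untrusted(db: set, chain: list):
    """Verify each stage in boot order before control is handed to it.
    Returns the name of the first stage whose digest is not in db,
    or None when every stage verifies and the system boots."""
    for name, image in chain:
        if digest(image) not in db:
            return name
    return None

def apply_update(db: set, chain: list, name: str, new_image: bytes, refresh_db=True):
    """Replace one stage's image. refresh_db=False models the update bug:
    the image changes but the firmware's allowlist is left as it was."""
    new_chain = [(n, new_image if n == name else img) for n, img in chain]
    new_db = set(db)
    if refresh_db:
        new_db.add(digest(new_image))
    return new_db, new_chain

# Constructed sample images (placeholders, not real binaries)
BOOTLOADER = b"constructed bootloader image"
KERNEL_V1 = b"constructed kernel image v1"
KERNEL_V2 = b"constructed kernel image v2"

def demo() -> dict:
    chain = [("bootloader", BOOTLOADER), ("kernel", KERNEL_V1)]
    db = {digest(BOOTLOADER), digest(KERNEL_V1)}
    results = {"intact": first_untrusted(db, chain)}

    # Any change to a stage breaks the chain at that stage.
    modified = [("bootloader", BOOTLOADER + b" modified"), ("kernel", KERNEL_V1)]
    results["modified_bootloader"] = first_untrusted(db, modified)

    # Correct update: new kernel and refreshed allowlist ship together.
    good_db, good_chain = apply_update(db, chain, "kernel", KERNEL_V2)
    results["good_update"] = first_untrusted(good_db, good_chain)

    # Buggy update: new kernel ships, allowlist is not refreshed.
    bad_db, bad_chain = apply_update(db, chain, "kernel", KERNEL_V2, refresh_db=False)
    results["bad_update"] = first_untrusted(bad_db, bad_chain)
    return results

if __name__ == "__main__":
    for case, refused_at in demo().items():
        print(f"{case}: {'boots' if refused_at is None else 'refused at ' + refused_at}")
```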
