|
|
Пишет LWN.net (![[info]](http://lj.rossia.org/img/syndicated.gif){kind=small} syn_lwnheadline)@ 2012-12-03 16:37:00 |
 |
|
 |
|
|
|
|
|
|
 |
|
 |
The first "shim" UEFI secure bootloader released
Matthew Garrett has announced the
availability of the first "usable" version of the "shim" UEFI secure
bootloader. "If you want, you're then free to impose any level of
additional signing restrictions - it's entirely possible to use this
signing as the basis of a complete chain of trust, including kernel
lockdowns and signed module loading. However, since the end-user has
explicitly indicated that they trust your code, you're under no obligation
to do so. You should make it clear to your users what level of trust
they'll be able to place in their system after installing your key, if only
to allow them to make an informed decision about whether they want to or
not."
Matthew Garrett has announced the
availability of the first "usable" version of the "shim" UEFI secure
bootloader. "If you want, you're then free to impose any level of
additional signing restrictions - it's entirely possible to use this
signing as the basis of a complete chain of trust, including kernel
lockdowns and signed module loading. However, since the end-user has
explicitly indicated that they trust your code, you're under no obligation
to do so. You should make it clear to your users what level of trust
they'll be able to place in their system after installing your key, if only
to allow them to make an informed decision about whether they want to or
not."
