[Discuss] Fighting UEFI
Richard Pieri
richard.pieri at gmail.com
Mon Jul 30 13:42:21 EDT 2012
On 7/30/2012 1:25 PM, Tom Metro wrote:
> We're talking x86 here, right?
Yes, we are. From the Windows 8 Hardware Certification Requirements
document:
> 18. Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is
> required to implement the ability to disable Secure Boot via firmware
> setup. A physically present user must be allowed to disable Secure
> Boot via firmware setup without possession of PKpriv. A Windows
> Server may also disable Secure Boot remotely using a strongly
> authenticated (preferably public-key based) out-of-band management
> connection, such as to a baseboard management controller or service
> processor. Programmatic disabling of Secure Boot either during Boot
> Services or after exiting EFI Boot Services MUST NOT be possible.
> Disabling Secure Boot must not be possible on ARM systems.
The original draft from December last year was unclear. The revised
version from early May is specific about enabling/disabling Secure Boot.
You can find the full documents here:
http://msdn.microsoft.com/library/windows/hardware/hh748188
--
Rich P.
More information about the Discuss
mailing list