No brochures anymore @devoxx.
Just Mobile apps & web.
15 November 2012
5 November 2012
The new Windows 8 UEFI (Unified Extensible Firmware Interface) secure booting system will prevent hardware from booting anything that has not been signed, using keys from Microsoft or the OEM.
This will prevent the hardware from booting anything else than Microsoft software, like malware (the target) or Linux (collateral benefit).
The effective rules are discussed here:
- Windows 8 certification requires that hardware ship with UEFI secure boot enabled.
- Microsoft's certification requirements eventually revealed that that UEFI firmware on x86 systems must allow users to re-configure or turn off secure boot, but that this must not be possible on ARM-based systems (Windows RT)
- Windows 8 certification does require that the user be able to disable UEFI secure boot, , but this must not be possible on ARM-based systems (Windows RT)
- Windows 8 certification does not require that the system ship with any keys other than Microsoft's.
- Developers (e.g. for drivers) must pay $99 (which goes to VeriSign) to access the Microsoft sysdev portal in order to get binaries signed by the Microsoft key.