UEFI president: We need more key providers

UEFI Forum chief Mark Doran explains how UEFI works and addresses the criticisms around Microsoft's use of UEFI Secure Boot

By , IDG News Service |  Hardware

Part of the mechanism we define in the specification includes revocation. In the firmware there is a so-called white list, which is a collection of keys that represent signing authorities. And there is also a black list that has images that we know to be bad actors. So when the system [encounters] a bad image, it won't run it. And if malware gets out, we have a way to handle it pretty quickly, without significant updates to the firmware.

IDGNS: Microsoft has demanded the hardware partners use Secure Boot, and in doing so it has been accused of trying to lock out other operating systems in the market. Did you anticipate this problem?

Doran: I'm not surprised people are looking at this with a critical eye, but I think there is much smoke but not much fire.

If you read the requirements Microsoft published on what it takes to build a platform that is ready for Windows 8, it actually specifies that an end user must be able to turn off Secure Boot as a feature. The vast majority of general-purpose platforms that have Secure Boot have a way to disable that. And many have a way to install new keys. So when you get one of these things, you have a choice.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness