Re: [GIT PULL] Load keys from signed PE binaries

From: Florian Weimer
Date: Tue Feb 26 2013 - 16:40:24 EST

Next message: Peter Jones: "Re: [GIT PULL] Load keys from signed PE binaries"
Previous message: tip-bot for Thomas Gleixner: "[tip:core/urgent] stop_machine: Mark per cpu stopper enabled early"
In reply to: Chris Friesen: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Chris Friesen: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Chris Friesen:

> On 02/25/2013 10:14 AM, Matthew Garrett wrote:
>> Windows 8 will not load unsigned drivers if Secure Boot is enabled.
>
> For reference:
>
> http://msdn.microsoft.com/en-us/library/windows/desktop/hh848062%28v=vs.85%29.aspx

Thanks. Do you know perchance of any other Microsoft documentation in
this area, that is, their PKI architecture, the signing and revocation
policies, or even security objectives for the Secure Boot
implementation?

The Windows 8 logo requirements are pretty thin on this and only
specify the "Microsoft Windows Production PCA 2011" (which is used to
sign the Windows boot loader). Policy-wise, I've seen very little
published information (most of it is hearsay), and as to the
objectives, I'm really in the dark.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Peter Jones: "Re: [GIT PULL] Load keys from signed PE binaries"
Previous message: tip-bot for Thomas Gleixner: "[tip:core/urgent] stop_machine: Mark per cpu stopper enabled early"
In reply to: Chris Friesen: "Re: [GIT PULL] Load keys from signed PE binaries"
Next in thread: Chris Friesen: "Re: [GIT PULL] Load keys from signed PE binaries"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]