I was quoting B8, but changed my text. I realized I should better ask that in PM. But anyway rapporteur is also a Dutch word, hence my question.
That is easy. The SLIC specs are the first to be made. Intel and other IBVs build test UEFIs for Microsoft, so it can test its code for OA3 to work correctly.
It looks pretty arguable - tests are tests between OEMs and MS, but to officially release BIOS updates with new features whose specs weren't officially signed off yet looks a bit odd. I'd rather think MS had finished developing OA3.0 a few weeks before it was announced...
I didn't realize Yen despised Ed Bott. I like him, speaking for myself. Additionally, I have been paying very close attention to Yen's contributions on this thread. Very informative and very well done. Thanks, Yen!
No need to panic yet till we see what they come up with. Also there's no such thing as unhackable and this is Microsoft, so they can't make it too much of a pain in the butt for the OEM guys.
Windows loader took care of Win7. I am part of a project that uses hypervisor to inject x58 code into an OS, it is a completely invisible process, even compared to starting it with a grub loader, so it is undetectable by the Nvidia driver, even updated ones. Took us 2 years but still... It's called Hypersli. I think the same tech could be used for Win8 easy, secure boot be darned... The author believes he can add UEFI support no problem to the SLI issue. But we only deal with Nvidia SLI stuff. I'm sure some clever tech could use hypervisor to activate Win8 on a UEFI based system easily. I work with Anatolymik on techpowerup. Seems I can't post links, so you'll have to figure it out. Nice sense!
You use it to enable SLI on cards that don't support it or what? That's pretty nice. Btw, what's x58?
I try to post what I know, thanks for the compliment. I didn't despise Ed Bott himself, actually I never have heard of him before. All I have posted is about his article. I don't know about other articles he has written. "Leading PC makers confirm: no Windows 8 plot to lock out Linux" This is his headline. "Dell has plans to make SecureBoot an enable/disable option in BIOS setup." (That's exactly what the FSF is demanding.) Dell plans to move to the UEFI version that includes Secure Boot in the Windows 8 timeframe, although the spokesperson told me it's far too soon to provide any further details about the company's plans for Windows 8 PCs." Have a look at the bold words. This is no serious journalism, this is yellow journalism. And who is a Dell spokesperson without a name? It could have been the charwoman. My profession is science and I know how to write articles accentuated with facts. OK, everybody who knows me a bit knows that I have problems with monopoly and my posts reflect that. Most of the articles found all over the net are a kind of yellow journalism. It's difficult to have reliable sources. Either you are a professional or at least an enthusiast that is involved, or you know somebody who is. Anything else is copy and paste. OK... UEFI image signing and Secure Boot are going their ways, testing is fully in progress, that's a fact.
Hmmm... I guess he refers to the SLI certification which was introduced by Nvidia at X58 chipset boards to ALLOW SLI (btw another stupid certification that says no cert., no feature). It is actually a 'certificate' found at the DSDT ACPITable. Example: Andy's mod tools have that 'DSDT' feature as well. So it is an 'injector' (loader) that actually adds the SLI certificate to the DSDT. Basically it alters ACPI table(s) similar to Daz loader. The main difference will be: The SLI certification of Nvidia will not change whereas OA3.0 will change. I am still convinced OA3.0 will require Secure Boot, which only runs signed boot loaders. It is highly doubtful that OA3.0 will use ACPITable to store the license. It might be that the entire W8 image is stored on an EFI partition, signed and certified with a unique serial. A loader that supports GPT should be no problem.
Well I don't know how far a virtual machine manager can access memory (addresses). Since it is a program it's for OA probably useless, but could be an option for KMS. Also I don't know how hyperSLI works. I know that to run SLI you need to patch driver and DSDT table. The DSDT table is also accessible at the registry. (HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\....\...\...) Type 1 VMM are running below OS level on top of the hardware. They have been used to inject malware. I guess ELAM will do its job then... This is virgin land to me.....but virtualisation instead of emulation sounds fancy.
I hope there will be a day once when we can run 2 or more operating systems at once on the same hardware. I mean without virtualization, the hardware (or UEFI) keeps track of everything then. The hardware has to manage the memory then, but the UEFI firmware translates it to "usual addresses" for the OS, so the OS won't ever know there's another OS still running. On multicore CPUs it can give 1 core to OS 1, another core to OS 2 etc. and they will appear as single core processors to the OS, or it can let both OSes run in 1 core and share CPU time among them. So more than 1 OS running at a time without any virtualization except for the address translation, where all OSes talk directly to the hardware and none of the OSes know there's another OS running next to it. I hope there will be a time when this is possible. But probably that's not going to happen 'cause with the techniques we have now to share system resources among VMs etc. it will probably be less performant than virtualization. But it would be cool.
Yes, I am zealous to find an alternative OS. And I came from TPM to the 'Anti Evil Maid' article and then to the OS. I also plan to test it, it should boot from a USB device. I might use it for banking stuff and surfing. The Invisible Things Lab is one of the most reliable sources regarding security and vulnerability. The team is very competent and they explain the exploits. I had PM'd her (the CEO Joanna Rutkowska) a long time ago. I wanted to know about the exploit of Intel signed EFI. "Another possible implementation problem might be similar to the attack we used some years ago to reflash a secure Intel BIOS (that verified digital signatures on updates) by presenting a malformed input to the BIOS that caused a buffer overflow and allowed to execute arbitrary code within the BIOS." She was very kind and had answered my questions. She mentioned that I am the only one who is interested about so far (that time). She and her team are great. I never had e-mail contact with a CEO of an OS development team till then.... Btw: Qubes looks better than Windows 8 Metro and is already beta2, lol. It also will get the ability to run Windows programs.
That's the thing isn't it, it's open source. They know their stuff, it will run Windows apps, it looks visually impressive, it's very secure, non exhaustive on resources, it's fast and to top all that it's FREE! It's a no brainer really!
Back on topic. My belief is that for any possible exploit to work except for KMS, then the digital signature is where we need to look. By this I mean any code that may be written is going to need to be signed to get past ELAM. What I would like to know is how digital signing actually works, can it be duplicated, can an already signed code have its signature extracted and cloned and then applied to some other piece of code? Please excuse my ignorance on this subject, I'm just curious...
Basically, no, it can't be cloned or anything like that. Do you know how asymmetrical encryption works? Otherwise I'll try to write a massive post about digital signatures, cause I've found that you aren't the only one who doesn't really understand how this works.
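The answer above ("it can't be cloned"), shown as an added example that is not part of the original thread: a signature is computed from the hash of the signed bytes with the private key, so a verifier rejects it on any other content. It uses textbook RSA without padding on a constructed toy key (a swapped-in simplification; real signing schemes add padding and certificate chains), and all names and sample byte strings are hypothetical.

```python
import hashlib

# Constructed toy key built from two Mersenne primes: illustration only,
# never usable as a real key.
P = 2**521 - 1
Q = 2**607 - 1
N = P * Q                              # public modulus
E = 65537                              # public exponent
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held only by the signer


def digest_int(data: bytes) -> int:
    """SHA-256 of the content, as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def sign(data: bytes) -> int:
    """Signer side: needs the private exponent D."""
    return pow(digest_int(data), D, N)


def verify(data: bytes, signature: int) -> bool:
    """Verifier side: needs only the public values (N, E)."""
    return pow(signature, E, N) == digest_int(data)


def transplant_demo() -> dict:
    # Constructed sample inputs, not real binaries.
    signed_code = b"constructed sample: vendor boot loader v1"
    other_code = b"constructed sample: some other code"
    sig = sign(signed_code)
    return {
        # The signature checks out on the bytes it was made for.
        "original": verify(signed_code, sig),
        # Copying it onto different code fails: the hashes differ.
        "transplanted": verify(other_code, sig),
        # Even a one-byte change to the signed code invalidates it.
        "one_byte_changed": verify(signed_code + b"\x00", sig),
    }


if __name__ == "__main__":
    print(transplant_demo())
```

Producing a signature that verifies on the other content would require `D`, which never leaves the signer.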