German magazine: Windows 8 Bootloader blocked with certificate

Discussion in 'Windows 8' started by cfrank33, Sep 22, 2011.

  1. cfrank33

    cfrank33 MDL Junior Member

    Feb 12, 2008
    68
    0
    0
  2. nexus76

    nexus76 MDL Addicted

    Jan 25, 2009
    783
    296
    30
  3. mythofuniverse

    mythofuniverse MDL Junior Member

    Sep 12, 2010
    66
    17
    0
    FROM WINDOWS 8 BLOG
    A demonstration of this control is found in the Samsung tablet with Windows 8 Developer Preview that was offered to //BUILD/ participants. In the screenshot below you will notice that we designed the firmware to allow the customer to disable secure boot. However, doing so comes at your own risk. OEMs are free to choose how to enable this support and can further customize the parameters as described above in an effort to deliver unique value propositions to their customers. Windows merely did work to provide great OS support for a scenario we believe many will find valuable across consumers and enterprise customers.

    Samsung-PC-secured-boot-setting_5B335428.jpg

    So we can disable Secure Boot with the UEFI option.. Moreover, Mac OS X hackers have been working with EFI strings which enable Mac OS to boot from a normal PC.. so I don't think UEFI is much of a problem for hackers... Moreover we got a manual override option too. So no worries :rolleyes:
     
  4. venu

    venu MDL Addicted

    Oct 16, 2009
    894
    99
    30
    It's likely OEM Win8 will not be able to boot at all if secure boot is disabled.
     
  5. FireRx

    FireRx MDL Member

    Feb 14, 2011
    118
    22
    10
    That's exactly what that means. No more using OEM discs for pirated installs. Remember the IBM fiasco with the Windows 7 OEM disc? :tv_horror:
     
  6. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,541
    340
    The UEFI specification 2.3.1 errata A was signed off on 7 Sep and I guess no EFI has it yet.
    It might be that if you have it as an option it has to be enabled. But W8 also must boot with a BIOS, otherwise no PC that still has a BIOS could use W8.

    More probable is that OA3.0 will be implemented into UEFI only where it is digitally signed. To port the OA3.0 to a BIOS would be hard then.....
     
  7. FireRx

    FireRx MDL Member

    Feb 14, 2011
    118
    22
    10
    The weird thing is, if you have a performance system where you update your BIOS or UEFI often, it's going to be a pain to deal with. I can see all the gnashing of teeth EVGA would have to deal with.
     
  8. mythofuniverse

    mythofuniverse MDL Junior Member

    Sep 12, 2010
    66
    17
    0
    If it is going to be like this.. then as Yen said there would be Windows 8 for present PCs.. All over the world everyone needs to update their BIOS to UEFI provided by their manufacturers.. Do you think it's possible for all mobos from all manufacturers.. If Win8 is just for newer PCs, then it is one hell of a WINDOWS VISTA 2
     
  9. mythofuniverse

    mythofuniverse MDL Junior Member

    Sep 12, 2010
    66
    17
    0
    Very well said.. whatever the case with Win8, whether it boots with a normal BIOS or not.. there is always a solution..
    UEFI - it's nothing but maybe strings of hardware addresses.. we can very well extract them from the hardware ROM..
    Even if we cannot, there is a possibility of developing an entirely modified bootloader for Win8, as they do with Mac OS to boot it on a PC.
     
  10. venu

    venu MDL Addicted

    Oct 16, 2009
    894
    99
    30
    Yen, any details about OA 3? I mean could it be just slic 2.2 and different certs and keys? or maybe a completely different mechanism with everything encrypted and maybe some unique key made partly of the hardware hash?...I'm rambling.
     
  11. venu

    venu MDL Addicted

    Oct 16, 2009
    894
    99
    30
    What about that key? Enlighten me.
     
  12. .NetRolller 3D

    .NetRolller 3D MDL Novice

    Jul 16, 2009
    32
    2
    0
    BTW, if they intend to use UEFI Secure Boot for DRM - good luck blocking DUET (of EDK-II)!
     
  13. FireRx

    FireRx MDL Member

    Feb 14, 2011
    118
    22
    10
    #13 FireRx, Sep 26, 2011
    Last edited: Sep 26, 2011

    Nah, this would just affect those that like to leak OEM RTM releases of Windows 8. Yen is right, all the legit RTM products will work on everything. :cool:
     
  14. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,541
    340
    Sorry I don't get what you mean. There are no OEM_SLP keys yet. Also the entire OEM_SLP activation system will be activated at RTM and not before. There will be no preinstalled RC versions, for instance...RC versions are not made to be sold together with hardware.

    I have tried to get official info about OA3.0 to no avail.
    But it seems OEM licensing will be made for (U)EFI only and not for BIOS anymore. All preinstalled machines will be new and hence it's no problem to realize that.
    There are some rumors, though. It should have an ACPITable, containing the license code and additional checks.
    So one idea could be: All preinstalled OEM_SLP machines have (U)EFI.
    W8 RTM has to run on older machines (with BIOS) generally, but not the OEM_SLP licensed versions.

    The licensing-specific checks then are for EFI specifications (secure boot?) only available on EFI and not BIOS.
    But these are no facts..just rumors. ;)
     
  15. 100

    100 MDL Expert

    May 17, 2011
    1,346
    1,540
    60
    Yes, UEFI and the option of Secure Boot is a requirement for OEM-preinstalled Windows 8 machines, MS mentioned that in their UEFI sessions at BUILD; so it's obvious OEM licensing will be integrated into EFI firmware in some way.
     
  16. Yen

    Yen Admin
    Staff Member

    May 6, 2007
    10,967
    10,541
    340
    So it can be hard to mimic it!

    BIOS = not digitally signed, allows running unsigned bootloaders, but has no (U)EFI specification 2.3.1 and hence no secure boot.
    (U)EFI = digitally signed, allows running signed boot loaders only, not modifiable in any way since the signature becomes invalid... (as Intel did already) and any unsigned loader will make W8 refuse to start.

    So all OA3.0 needs is a new SLIC and a check for secure boot: on ......and for some additional EFI specifications generally. (To determine that a valid (U)EFI is running and no BIOS)...
    Let's see..lol..
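
The BIOS versus (U)EFI distinction and the "secure boot: on" state discussed in the post above can be read from a running Linux system; the following is an added example, not code from this thread or from any vendor. It assumes the Linux efivarfs layout under `/sys/firmware/efi/efivars`, and the function names and the fake-sysfs fixture are constructed for illustration.

```python
import struct
from pathlib import Path

# GUID of the EFI global variable namespace (UEFI specification).
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"

def read_efi_flag(efivars, name):
    """Return a 1-byte EFI global variable as int, or None if absent or malformed."""
    try:
        raw = (Path(efivars) / f"{name}-{EFI_GLOBAL}").read_bytes()
    except OSError:
        return None
    # efivarfs puts a 4-byte little-endian attributes field before the data.
    if len(raw) != 5:
        return None
    _attrs, value = struct.unpack("<IB", raw)
    return value

def firmware_state(sysfs_root="/sys"):
    """Classify the boot firmware: legacy BIOS, or UEFI with its Secure Boot state."""
    efi_dir = Path(sysfs_root) / "firmware" / "efi"
    if not efi_dir.is_dir():
        return "legacy-bios"               # kernel was not booted through UEFI
    efivars = efi_dir / "efivars"
    secure = read_efi_flag(efivars, "SecureBoot")
    setup = read_efi_flag(efivars, "SetupMode")
    if secure is None:
        return "uefi-secure-boot-unknown"  # variable missing or efivarfs not mounted
    if secure == 1:
        return "uefi-secure-boot-enforcing"
    if setup == 1:
        return "uefi-setup-mode"           # no Platform Key enrolled
    return "uefi-secure-boot-disabled"

def make_fake_sysfs(root, secure=None, setup=None):
    """Constructed test fixture: write a minimal fake efivarfs tree under root."""
    efivars = Path(root) / "firmware" / "efi" / "efivars"
    efivars.mkdir(parents=True, exist_ok=True)
    for name, value in (("SecureBoot", secure), ("SetupMode", setup)):
        if value is not None:
            # 0x06 = BOOTSERVICE_ACCESS | RUNTIME_ACCESS (constructed sample attributes)
            data = struct.pack("<IB", 0x06, value)
            (efivars / f"{name}-{EFI_GLOBAL}").write_bytes(data)

if __name__ == "__main__":
    print(firmware_state())
```
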
     
  17. 100

    100 MDL Expert

    May 17, 2011
    1,346
    1,540
    60
    You don't seem to understand how all of this really works (and doesn't work).

    First, oa2intel doesn't have anything to do with a boot loader.
    Second, there is no difference between x86/x64/ARM. They will all boot only from UEFI, in terms of OEM SLP.

    And what would that be?
     
  18. Opus

    Opus MDL Member

    Jul 28, 2009
    157
    28
    10
    Will that be, OEM_SLP table locked for a particular version of W8 like Home premium only and wouldn't that be upgradable to e.g. Ultimate?
     