On 03/27/2013 09:25 AM, m.roth@xxxxxxxxx wrote:
> why is it that the OEM does not provide the UEFI key with the
> hardware FOR THAT BOARD AND UEFI, rather than have it provided by M$?
Because then you'd have to install a version of Windows (or any other
OS) signed FOR THAT BOARD AND UEFI.
Secure Boot has its design rooted in x509, just like SSL. There could
be more than one trusted CA, and will be when users install one of their
own. However, the more CAs there are, the greater the risk of malware
being signed and compromising the security of the system.
MS doesn't provide the signing service, anyway. Verisign does.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
