* James Bottomley: > Right, but what I'm telling you is that by deciding to allow automatic > first boot, you're causing the windows attack vector problem. You could > easily do a present user test only on first boot which would eliminate > it. Apparently, the warning will look like this: WARNING: This Binary is unsigned Are you sure you wish to run an unsigned binary in a secure environment? To avoid this question in future place the platform into setup mode See http://www.linuxfoundation.org/uefi-setup-mode And reboot. I'm not convinced this will work because users will confirm their presence to get back into the system. We expect GNU/Linux users to do it, why wouldn't Windows users? (And what harm can an unsigned binary do to a "secure environment", anyway? If it's adversely affected, it can't be that secure, can it?) And what's the backup plan if users use this to boot into compromised Windows systems? -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
