Hacker News new | past | comments | ask | show | jobs | submit login

"...it’s just that the system has to trust the Microsoft CA out of the box"

That's the entirety of my complaint.

Thanks for the link! My board is not on it as I assumed.




You can remove Microsoft's certs from the trust store used by the board, though. You can choose to keep them to facilitate dual boot with Secure Boot on, but you can also choose to eject them from the trust store.

Sure, they're loaded by default, and you can argue that we can't prove the board isn't gonna trust them behind your back -- but that applies to older non-open hardware too.

My bigger annoyance is Intel Boot Guard. I want Intel to let us control the firmware more directly -- even if it requires some physical authorization/kills some DRM component in ME or something. But that's not happening anytime soon...




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: