No. 1 Story
Construction needs cloud flexibility
Australia’s embattled construction sector could benefit from cloud based information systems that can be switched on and off in lockstep with individual projects – with the exception of those organisations based in remote areas like the Kimberleys.
read moreMore From
Windows 8 will lock out GNU/Linux on ARM devices
Sam Varghese
Monday, 16 January 2012 10:56
Microsoft has made it clear that it will use the secure boot feature available with Windows 8 to lock out other operating systems from ARM devices which are running this version of its operating system.
The specifications in the company's Windows Hardware Certification Requirements make this clear, according to tech blogger Glynn Moody.
The issue of secure boot on Windows 8 was raised in September when Linux developer Matthew Garrett pointed out that this feature, implemented as per the Unified Extensible Firmware Interface guidelines, could be used to ensure that only Microsoft operating systems were loadable on a given device.
The system firmware can contain one or more signed keys and any executable that is not signed by these keys cannot boot on said system. Another set of keys - called Pkek - allows for communication between the operating system and the firmware.
An operating system with matching Pkek keys can add more keys to a whitelist - or a blacklist. In the latter case, any executable which has a key on the blacklist will not boot.
The Linux Foundation later provided a list of ways in which this could be bypassed, provided hardware vendors cooperated.
The Windows Hardware Certification Requirements (PDF) say, on Page 116:
20. MANDATORY: On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following:
a) It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK.
b) If the user ends up deleting the PK then, upon exiting the Custom Mode firmware setup, the system will be operating in Setup Mode with Secure Boot turned off.
c) The firmware setup shall indicate if Secure Boot is turned on, and if it is operated in Standard or Custom Mode. The firmware setup must provide an option to return from Custom to Standard Mode which restores the factory defaults.
On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enable (sic).
You think you have a disaster recovery plan?
Think again. Most businesses only have PART of a DR plan - and this spells business disaster in the event of an IT disaster.
Download The Seven Sins of Disaster Recovery White Paper now and find out how you can prevent this happening to you.
