[CentOS] UEFI

Wed Mar 27 19:23:52 UTC 2013
Gordon Messmer <yinyang at eburg.com>

On 03/27/2013 09:25 AM, m.roth at 5-cent.us wrote:
> why is it that the OEM does not provide the UEFI key with the
> hardware FOR THAT BOARD AND UEFI, rather than have it provided by M$?

Because then you'd have to install a version of Windows (or any other 
OS) signed FOR THAT BOARD AND UEFI.

Secure Boot has its design rooted in x509, just like SSL.  There could 
be more than one trusted CA, and will be when users install one of their 
own.  However, the more CAs there are, the greater the risk of malware 
being signed and compromising the security of the system.

MS doesn't provide the signing service, anyway.  Verisign does.