Enroll on first boot? Like literally the first time the laptop is powered on it siphons keys from the OS? That seems... counterintuitive.
Plus, it really doesn't solve the issue we're talking about. If it enrolls on boot then:
- system UEFI keys are modifiable (just like they are now)
- if you boot Windows 8 first, you're screwed... unless you can change the keys.... like you can now.
So even if they pre-enroll, you still have the exact same problem -- will the OEM/UEFI designer allow you to enroll keys or disable SecureBoot entirely?
Personally, I understand your worry 100% but I think it's needlessly paranoid. I simply don't see OEMs going for this, and even if they do, there will be models simply sold without the Windows 8 sticker or what not.
the point of on first boot is that Microsoft will have to use the same mechanism as everyone else, and not be able to "prebake" keys, which subsequently (and quite coincidentally i'm sure) have bugs in their update procedure.
How is that any different. Even every single Linux user I know has bought a laptop and fired it up at least once before subverting the boot process to install Ubuntu right off the bat.
So, let's assume 99.999% of consumers will boot their laptop as soon as they get it. okay, we're still in the exact same boat we've been in. Unless I'm missing something...
>which subsequently (and quite coincidentally i'm sure) have bugs in their update procedure.
Given the multitude of bugs in various UEFI impls so far, I would say that this is a fairly legitimate concern. Especially as I'm assuming most people like you or I are likely to just disable SecureBoot altogether and never properly "test out" enrollment.
> Even every single Linux user I know has bought a laptop and fired it up at least once before subverting the boot process to install Ubuntu right off the bat.
Now imagine there's an option in the UEFI BIOS:
* Revert to trust-on-boot mode. WARNING: this may expose you to attacks by malware.
Again, how is this any different than just letting the user enroll a key? Or using one signed by a supported key, or using one with a shimloader already ready to go?
I mean, I guess as a convenience mechanism, but then again, why not just disable it and be done with it. Maybe a chance that would make more sense to me would be to have an option:
* Extract SecureBoot keys from bootloader/kernel whatever
and be able to specify your own kernel or what not.
But then again, that's basically what you get via your own key enrollment ;)
Plus, it really doesn't solve the issue we're talking about. If it enrolls on boot then:
- system UEFI keys are modifiable (just like they are now)
- if you boot Windows 8 first, you're screwed... unless you can change the keys.... like you can now.
So even if they pre-enroll, you still have the exact same problem -- will the OEM/UEFI designer allow you to enroll keys or disable SecureBoot entirely?
Personally, I understand your worry 100% but I think it's needlessly paranoid. I simply don't see OEMs going for this, and even if they do, there will be models simply sold without the Windows 8 sticker or what not.