dev <devuan.2@???> wrote:

> Just ran across this. Not sure what it means for Open Source bootloaders.
>
> "The key basically allows anyone to bypass the provisions Microsoft has put in place ostensibly to prevent malicious versions of Windows from being installed, on any device running Windows 8.1 and upwards with Secure Boot enabled."

Basically it means you can install pretty well any system. The headline is a bit misleading since they haven't leaked the "golden key" backing all this security stuff up, but have inadvertently left a specific policy on the devices which (if enabled) tells the bootloader to ignore any signing errors.

So while normally, if you tried to use your own software, the bootloader would barf and refuse to run it as unsigned or not signed with a known key, in this case it has an instruction telling it to ignore those errors.

"not 'arf bad" explanation in this article on TheReg
http://www.theregister.co.uk/2016/08/10/microsoft_secure_boot_ms16_100/


Sadly it's not half as useful as if they had really leaked their "golden key" - because with that, anyone would be able to sign anything for any device trusting MS keys, and that WOULD be interesting !