(enaix.github.io)

194 points sleirsgoevy | 1 comments | 31 Oct 25 20:20 UTC | HN request time: 0s | source

Show context

gruez ◴[31 Oct 25 21:29 UTC] No.45776910[source]▶

Sounds like the UEFI shim loader that's signed by Microsoft but can load an arbitrary EFI executable (with some signing checks). The difference is that the UEFI shim loader is endorsed/condoned by Microsoft. What about Google? This seems easily patchable, ostensibly for "security purposes" (eg. disabling loading dynamic code).

replies(1): >>45777071 #

p_l ◴[31 Oct 25 21:47 UTC] No.45777071[source]▶

>>45776910 #

Microsoft also forces manufacturers to provide an option to reset Platform Key aka SecureBoot "root of trust" key - which is supposed to be not possible in spec-compliant UEFI system.

They don't do it out of goodness of their hearts, which is why it's more solid than relying on goodwill - Microsoft simply has an offering that depends on that for certain high profile clients.

replies(1): >>45777490 #

XorNot ◴[31 Oct 25 22:39 UTC] No.45777490[source]▶

>>45777071 #

I suspect it's also a defense against antitrust law suits - lock in was how they got sued for things circa Internet Explorer.

Frankly they should still be getting sued for the way Edge and Cortana are bundled.

replies(1): >>45777657 #

leptons ◴[31 Oct 25 23:00 UTC] No.45777657[source]▶

>>45777490 #

Then Apple should get sued for bundling Safari, and also for forcing all browser engines on iOS to use Safari - which is way worse than anything Microsoft ever did with IE.

replies(2): >>45777979 #>>45778231 #

1. jcelerier ◴[01 Nov 25 00:35 UTC] No.45778231[source]▶

>>45777657 #

Yes

↑

A theoretical way to circumvent Android developer verification