Microsoft’s mistake with Secure Boot and its secret policy is a perfect illustration of why it’s too dangerous to create encryption systems with a secure backdoor. Someone will inevitably make a mistake, and users are left vulnerable while the company scrambles for a fix.
Secure Boot, a feature of the Unified Extensible Firmware Interface (UEFI), protects the boot process in latest the Windows versions from malicious bootkits and packages. It implements only bootloader components that have been signed and verified by Microsoft before bringing on kernel drivers, user drivers, and applications; all this is governed by different policies. Therefore, devices with Secure Boot enabled cannot be reinstalled with another operating system, even if the user has administrator privileges, because the binaries aren’t signed by Microsoft.
To read this article in full or to leave a comment, please click here