You're thinking of Secure Boot as it's typically used, where firmware on the motherboard verifies that the kernel is signed by whoever wrote the kernel, e.g. Microsoft. But there's no reason you couldn't have the motherboard OEM load, say, the ATM manufacturer's public key, and have Secure Boot verify that the kernel has been signed by the ATM manufacturer. Then the motherboard will refuse to boot an OS which wasn't signed by the ATM manufacturer, even if it's otherwise "pure".
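The trust decision described above, as an added example that is not part of the original comment: a simplified Python model in which the firmware's allowed-signature database (`db`) decides what boots. Textbook RSA over fixed Mersenne primes stands in for the real Authenticode/X.509 verification, and every name, key and "kernel" here is constructed for illustration.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def make_key(p, q):
    """Textbook RSA key from two primes; returns (public modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(image, n):
    """SHA-256 of the boot image, reduced into the key's modulus."""
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n

def sign(image, n, d):
    """What the signer does at build time with its private key."""
    return pow(digest(image, n), d, n)

def firmware_verify(image, signature, db):
    """Return the owner of the db key that verifies the image, or None to refuse boot."""
    for owner, n in db.items():
        if signature < n and pow(signature, E, n) == digest(image, n):
            return owner
    return None

# Constructed keys: Mersenne primes keep the model deterministic; far too small for real use.
ATM_N, ATM_D = make_key(2**127 - 1, 2**107 - 1)
OS_N, OS_D = make_key(2**89 - 1, 2**61 - 1)

# Constructed boot images and their signatures.
STOCK_KERNEL = b"general-purpose OS kernel, unmodified"
ATM_KERNEL = b"ATM manufacturer's kernel"
STOCK_SIG = sign(STOCK_KERNEL, OS_N, OS_D)
ATM_SIG = sign(ATM_KERNEL, ATM_N, ATM_D)

# Two firmware configurations: the typical one, and the one the comment proposes.
TYPICAL_DB = {"OS vendor": OS_N}
ATM_DB = {"ATM manufacturer": ATM_N}

if __name__ == "__main__":
    cases = [
        ("stock kernel on typical board", STOCK_KERNEL, STOCK_SIG, TYPICAL_DB),
        ("stock kernel on ATM board", STOCK_KERNEL, STOCK_SIG, ATM_DB),
        ("ATM kernel on ATM board", ATM_KERNEL, ATM_SIG, ATM_DB),
        ("patched ATM kernel on ATM board", ATM_KERNEL + b"+patch", ATM_SIG, ATM_DB),
    ]
    for label, image, sig, db in cases:
        owner = firmware_verify(image, sig, db)
        print(f"{label}: {'boot, signed by ' + owner if owner else 'refuse'}")
```

The stock kernel carries a valid signature in both cases; only the contents of `db` change whether the board accepts it.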