Hello Miles, Miles Bader <mi...@gnu.org> wrote: > Or is entering a new key a "manual" process ("type in the 50 hex digit > key")?
Something like that, yes. Either via an already-signed update at runtime or manually at something like the current BIOS interfaces. > Can there be multiple keys (I vaguely recall the article saying there > could only be one key [at MS's insistence]...but not sure if I really > understood what it was saying)? At the moment, only one key can be used to _sign_ software/drivers. There can be more than one key on your computer to verify these signatures. That is, a driver A can be only be signed by one entity (1) and driver B can only be signed by 2, but if you have both the public keys of 1 and 2 in your UEFI keystore, you can load driver A and driver B. Of course, it is also possible to distribute variants A' and A'' signed by 2 and 3. Best regards, Claudius -- I tried the clone syscall on me, but it didn't work. -- Mike Neuffer trying to fix a serious time problem http://chubig.net telnet nightfall.org 4242
signature.asc
Description: PGP signature