Hacker News new | past | comments | ask | show | jobs | submit login

Which? The first one (the one I'm running on my laptop) doesn't involve custom mode at all - I'm using an MS-signed bootloader to exit boot services and do some stuff, with no changes to SecureBoot or PK or any other variables. I have an actual Secure Boot-enabled platform with only Microsoft keys enrolled.

The rest involve changing EFI variables, yes, but my impression is that "Custom Mode" refers to a UI in the BIOS which permits you to change the variables, and those variables are always writable by code running in boot services. The requirements say, "On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: 'Custom' and 'Standard'." Nothing I'm suggesting involves going to firmware setup.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: