X-Account-Key: account3
X-UIDL: 1153749825.22388
X-Mozilla-Status: 0000
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:                                                                                 
Return-path: <informatique-deloyale-owner@april.org>
Envelope-to: jtadeusz@april.org
Delivery-date: Wed, 21 Sep 2011 15:45:11 +0200
Received: from sympa by mescaline.april.org with local (Exim 4.50)
	id 1R6N6s-0001M8-DQ; Wed, 21 Sep 2011 15:45:10 +0200
Received: from smtp05.smtpout.orange.fr ([80.12.242.127]:29101 helo=smtp.smtpout.orange.fr)
	by mescaline.april.org with esmtp (Exim 4.50)
	id 1R6N6i-0001FU-Hb
	for informatique-deloyale@april.org; Wed, 21 Sep 2011 15:45:06 +0200
Received: from deepvault.localdomain ([83.199.5.141])
	by mwinf5d52 with ME
	id bRj01h00232ZYpP03Rj0Tw; Wed, 21 Sep 2011 15:43:00 +0200
X-ME-engine: default
Received: from ruffy by deepvault.localdomain with local (Exim 4.72)
	(envelope-from <ruffy@deepvault.doesntexist.org>)
	id 1R6N2N-0002x2-4Z
	for informatique-deloyale@april.org; Wed, 21 Sep 2011 15:40:31 +0200
Date: Wed, 21 Sep 2011 15:40:31 +0200
From: =?iso-8859-1?Q?Beno=EEt?= Sibaud <bsibaud@april.org>
To: informatique-deloyale@april.org
Message-ID: <20110921134030.GA11211@deepvault.doesntexist.org>
References: <1348474.P4v5yWkCXh@hyperion>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <1348474.P4v5yWkCXh@hyperion>
User-Agent: Mutt/1.5.20 (2009-06-14)
X-Spam-Score: 1.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on spamvir.april-int
X-Spam-Level: *
X-Spam-Status: No, hits=1.5 required=5.0 tests=BAYES_50,NO_RDNS2,RCVD_IN_SORBS,
	SARE_URI_OEM autolearn=no version=3.2.5
X-Loop: informatique-deloyale@april.org
X-Sequence: 387
Errors-to: informatique-deloyale-owner@april.org
Precedence: list
X-no-archive: yes
List-Id: <informatique-deloyale.april.org>
List-Help: <mailto:sympa@april.org?subject=help>
List-Subscribe: <mailto:sympa@april.org?subject=subscribe%20informatique-deloyale>
List-Unsubscribe: <mailto:sympa@april.org?subject=unsubscribe%20informatique-deloyale>
List-Post: <mailto:informatique-deloyale@april.org>
List-Owner: <mailto:informatique-deloyale-request@april.org>
List-Archive: <http://www.april.org/wws/arc/informatique-deloyale>
Subject: Re: [INFAUX] Verrouillage =?iso-8859-1?Q?a?=
	=?iso-8859-1?Q?u_niveau_du_chargeur_de_d=E9marrage?= minimal
X-SA-Exim-Connect-IP: <locally generated>
X-SA-Exim-Mail-From: informatique-deloyale-owner@april.org
X-SA-Exim-Scanned: No (on mescaline.april.org); SAEximRunCond expanded to false
Status: O
X-UID: 22388
Content-Length: 3322
X-Keywords:                                                                                                    

Bonjour,

Sur le même sujet :
http://www.itworld.com/it-managementstrategy/205255/windows-8-oem-specs-may-block-linux-booting
http://www.networkworld.com/community/node/78727
http://www.itwire.com/opinion-and-analysis/open-sauce/49889-will-windows-8-succeed-in-locking-out-gnulinux
http://www.theregister.co.uk/2011/09/21/secure_boot_firmware_linux_exclusion_fears/
http://www.zdnet.com.au/windows-8-secure-boot-to-block-linux-339322781.htm
http://www.thinq.co.uk/2011/9/21/windows-8-secure-boot-feature-lock-out-linux/
...

La source est la présentation de Arie van der Hoeven, Principal Lead Program
Manager chez Microsoft.
http://video.ch9.ms/build/2011/slides/HW-457T_van_der_Hoeven.pptx
« Secure boot
(...)
UEFI and secure boot harden the boot process
All firmware and software in the boot process must be signed by a trusted
Certificate Authority (CA)
Required for Windows 8 client
Does not require a Trusted Platform Module (TPM) »
et
« New Windows 8 requirements:  
Windows 8 client systems must be certified in UEFI mode
Secure boot
Secure firmware update process
(...) »

En parcourant les liens du document :

HW-462T - Building hardware-based security with a Trusted Platform Module (TPM)
http://channel9.msdn.com/Events/BUILD/BUILD2011/HW-462T
http://video.ch9.ms/build/2011/slides/HW-462T_Spiger.pptx
« UEFI will only launch a verified OS loader – such as Windows 8 »
« Windows 8 has a bunch of new TPM-enabled features »

HW-260T - Windows Certification: improvements to the logo program
http://channel9.msdn.com/Events/BUILD/BUILD2011/HW-260T
http://video.ch9.ms/build/2011/slides/HW-260T_Koenders.pptx

Windows 8 Certification Requirements – Preview
http://go.microsoft.com/fwlink/p/?LinkId=227313
Windows Hardware Certification Kit – Preview
http://go.microsoft.com/fwlink/p/?LinkId=228472
(les deux nécessitent un compte Live.com, pas regardés du coup)

Windows Server 8 SW Certification Requirements Draft
http://www.microsoft.com/download/en/details.aspx?id=27423
TODO
Windows Logo Program for Hardware: Overview
http://msdn.microsoft.com/library/windows/hardware/gg463010.aspx
TODO
« SYSFUND-0229. Systems with a greater than 2.2 terabyte boot drive must comply
with UEFI specification. »


[HW-659T] Certifying hardware with the Windows Hardware Certification Kit
http://channel9.msdn.com/Events/BUILD/BUILD2011/HW-659T
http://video.ch9.ms/build/2011/slides/HW-659T_Rowland.pptx

[HW-665C] Windows Certification Program, process and tools
http://channel9.msdn.com/Events/BUILD/BUILD2011/HW-665C
http://video.ch9.ms/build/2011/slides/HW-665C_Edfeldt.pptx

[HW-719H] (Lab) Experiencing the Windows Hardware Certification Kit
[APP-840H] (Lab) Hands on lab for Windows App Certification Kit
pas disponibles apparemment

[SAC-932T] Windows Server 8 software and hardware certificationCertification
http://channel9.msdn.com/Events/BUILD/BUILD2011/SAC-932T
http://video.ch9.ms/build/2011/slides/SAC-932T_Arthur.pptx
« Examples of “If Implemented” requirements for Server;
UEFI Firmware
	If UEFI is implemented in the system, it must meet all requirements 
(...)
Trusted Platform Module
	Network Key Protector for BitLocker, Secure Boot, etc. enhance data
security »
Il est aussi question d'une session « UEFI Firmware for Secure Experience,
Session 457 ».


-- 
Benoît Sibaud