Re: Accessibility implications of the secure boot leak


Also, I believe a PE based on Windows 8 or later can boot with Secure Boot enabled. I have not actually tested this myself, but I have read that it is possible and I vaguely remember at least a couple of users reporting that they managed to do so successfully.

----- Original Message -----
From: "Iaen Cordell" <>
To: <>
Sent: Friday, August 26, 2016 8:05 AM
Subject: [TechTalk] Accessibility implications of the secure boot leak

Carlos, this maybe of interest for your talking windows PE builds.
Reposted with out permission.

-----Original Message-----
From: Blind-sysadmins [] On Behalf Of mattias jonsson
Sent: Friday, August 26, 2016 7:59 PM
To: Blind sysadmins list <>
Subject: Re: [Blind-sysadmins] Accessibility implications of the secure boot leak

if you have sayed a you have to say b

Den 2016-08-26 kl. 09:17, skrev Ben Mustill-Rose:
Hi all,

Bit of an interesting one here:

By now some of you will have heard that Microsoft has leaked what's
being called a golden key relating to its secure boot process. For
those that haven't, essentially, on newer UEFI based computers that
are prebuilt & the Surface RT tablets you're unable to boot anything
that hasn't been signed by Microsoft. On normal laptops & desktops
you're usually able to just turn it off in the UEFI but obviously this
presents accessibility issues for us.

I'm not going to post any links as I'm assuming that this is a bit of
a grey area legally & replies off list about how to do it will
respectfully go unanswered, but suffice to say that after a bit of
Googling I was able to download a script that disabled secure boot for
me on a computer where it was enabled which allowed me to boot a
talking PE disk. The script is kicked off within Windows and the
process is more or less fully accessible.
My understanding is that MS are pushing out updates that try to stop
the tool from working but at the time of writing they appear not to be
overly effective.

Obviously if we look at the bigger picture, in terms of security this
is a *huge* issue. Never the less, for us, it is a small, all be it
unintended win in terms of accessibility.

Have fun,

Join to automatically receive all group messages.