by aquayellow 5377 days ago
Not just the bootloader, from what I understand, the whole OS needs to be signed: drivers in particular or anything else that could talk to the firmware. So, they need to be signed too. With OSes such as Linux, I don't even know if it's technically possible to do that from a license point of view.

No, it is just the bootloader (same way the Android phones work), though MS could craft their signed bootloader to also verify the NT kernel (which would make sense).

The other problem is, in the original article that was published on this topic, that apparently the Linux/grub boot process will be changing so that the "kernel is part of the bootloader", so I think that adds to the complexity of the idea of signing either the bootloader or "the whole OS" (whatever that means anyway).

Yes, you are right. Actually, it's just the bootloader. So, technically Microsoft can come up with a bootloader (GPLed) that can boot Linux or modify the current one. My bad!

Regarding the "kernel is part of the bootloader" idea, I think that was just an idea :) That's not happening anytime soon, although you can give Linux as a stage 2 payload directly to coreboot currently.