No it's not. It has its own set of problems. And bugs too! KVM has its pluses too, I agree, it's a VMM in kernel mode which apparently makes it faster, it is very non-intrusive to the rest of the kernel and hence got readily accepted upstream and so some might argue in that sense that it's better. But even though I have been hacking into KVM recently, for running a VM at home on my laptop/PC, I will always opt for VirtualBox for its simple ease of usage.
Not just the bootloader, from what I understand, the whole OS needs to be signed: drivers in particular or anything else that could talk to the firmware. So, they need to be signed too. With OSes such as Linux, I don't even know if it's technically possible to do that from a license point of view.
No, it is just the bootloader (same way the Android phones work), though MS could craft their signed bootloader to also verify the NT kernel (which would make sense).
The other problem is, in the original article that was published on this topic, that apparently the Linux/grub boot process will be changing so that the "kernel is part of the bootloader", so I think that adds to the complexity of the idea of signing either the bootloader or "the whole OS" (whatever that means anyway).
Yes, you are right. Actually, it's just the bootloader. So, technically Microsoft can come up with a bootloader (GPLed) that can boot Linux or modify the current one. My bad!
Regarding the "kernel is part of the bootloader" idea, I think that was just an idea :) That's not happening anytime soon, although you can give Linux as a stage 2 payload directly to coreboot currently.
And UEFI fans can still use it as a payload to coreboot! Although I am not sure why anyone would be a fan of UEFI. An extra layer of abstraction on top of BIOS? Wait, why?
I came here exactly with the same question! To build my company from the ground up, I need to work for it. But how can I do that if I am already working full time for my current employer?