Originally posted by You-
View Post
Announcement
Collapse
No announcement yet.
GNOME To Warn Users If Secure Boot Disabled, Preparing Other Firmware Security Help
Collapse
X
-
- Likes 2
-
-
Originally posted by xcom View PostI thought SecureBoot and TPM are M$'s crap. Why show it now?
If you moved out to the country would you stop locking your front door?
- Likes 1
Comment
-
Originally posted by mb_q View PostSecure Boot is cool but its implementations are nonsense. I've tried enrolling user keys and signing the kernel on a few machines, and the story was the same --- verification was working ok, but a fw reset (removing CMOS battery, proper switch on the motherboard) was enough to jump back to the default SB state with my keys deleted.
So it is either this or using a machine with MS keys baked in, with a MS-approved bootloader blob, not a substantially tempting option.
I suspect the same story applies to all other switches this tool checks; without coreboot one has to trust the firmware, and these are traditionally totally unreliable, most vendors are more concerned with bloating them with kitsch fan animations that moving their quality anywhere higher than "somewhat seems to work for us".
- Likes 1
Comment
-
-
Originally posted by ClosedSource View PostThere is a lot of over-obsession with security. It's like how you get murdered on windows11 news websites if you still use xp or win7.
- Likes 2
Comment
-
Originally posted by birdie View Post
I hate the idea of giving the user a false sense of security. Once Linux distros get their act together and start signing all system binaries, then we can have a conversation.
- Likes 1
Comment
-
Originally posted by sinepgib View Post
Agreed on everything, specially the need for Coreboot.
Comment
-
Originally posted by andyprough View Post
Yes, that's why all those millions of compromised desktop boxes in the massive botnet swarms are always Linux systems.
Oh wait, no - they are all Windows boxes. How odd.
- Likes 2
Comment
-
Originally posted by mdedetrich View Post
Yup exactly, the core principles behind SecureBoot and TPM are actually quite sound its just the implementation is absolute s**t. I think this is more of a result of crappy software that motherboard makers produce rather than Microsoft specifically (obviously the BIOS will have Microsoft keys as default and there isn't really such a thing as a "linux key" unless its a shim at which point SecureBoot is kinda pointless).
- Likes 1
Comment
Comment