Lennart Poettering Talks Up A "Brave New Trusted Boot World" For Linux


  • #71
    Originally posted by sdack:
    So now you are advocating for secure systems with a backdoor. How wonderful. FYI: many venues do actually have security at their backdoors and throughout their building. You obviously already knew that, didn't you?

    We have had these discussions for decades and on various topics, and always because of people who pay more attention to their fears than to their intelligence. They will try to overcompensate with useless features for what they yet do not know or understand. So do some people use checksums for everything even when it is pointless. It is why https has replaced http everywhere and proxy servers have become obsolete. And why there are more organisations creating certificates than we care to trust.
    I'm advocating for secure systems where I can define what I do and don't trust, not secure systems where Microsoft and ASUS define what I can and can't trust. It's as simple as that.

    To use the nightclub example, I'd like to be the owner and set policy. If I want to install my own key reader on the side-door so management has a quick entrance, that's my prerogative. If I want to say "screw it" and leave a window unlocked, that's my prerogative. If I want one entrance with hardcore security, I could do that, too. I don't want it to be that Microsoft is the only one who can define policy. I don't like the idea of being forced into Microsoft Computing Fascism -- in some countries this stuff is a hair away from being law and that would make it Fascism.

    Your last sentence nailed it.

    "And why there are more organizations creating certificates than we care to trust."

    That's the problem. It seems like we're about to be forced into trusting them even if we roll our own distribution. We can't create our own certificates to trust ourselves.



    • #72
      Originally posted by skeevy420:

      "And why there are more organizations creating certificates than we care to trust."

      That's the problem. It seems like we're about to be forced into trusting them even if we roll our own distribution. We can't create our own certificates to trust ourselves.
      When did you last review the list of CA root authorities trusted by your browser on your behalf?



      • #73
        Originally posted by sdack:
        "How on earth that now would work" you say... So you do not know and have got no idea. At least are you not hiding your ignorance. You must think all this encryption can be disabled or worked around easily.
        Yes. You just install a non-trusted image (I suspect Arch, Gentoo, Slack will fill this gap) and / or disable secureboot / TPM at install, or flip the switches post-install. The software isn't enforcing things here; it's the hardware / firmware that can be configured to insist upon digital signatures on the boot environment, which is currently impossible.

        If you don't like it? Configure your laptop to disable that verification, and go on your merry way.

        For the rest of us not stuck in a 90s security mentality (or, being more fair, who have no desire to tinker with the boot chain) we can finally have a system that resists evil maid attacks from 2004.

        It has to be mandatory at every link and layer, or it will be as weak as the weakest point. So it is either a useless feature or a guaranteed source of trouble for admins and anyone who wants their freedom.
        It has to be configurable to be mandatory. You can encrypt the system with a PIN + TPM-escrowed key, and it will not boot if you disable the trusted boot path in UEFI. There's no reason you cannot have an option to not encrypt the system. This is how Windows has done it for *years*-- since Windows 7-- and it was perfectly fine. It only became mandatory with Windows 11 which is frankly fine because people using Win11 aren't messing with bootloaders anyways.

        Just because you like oatmeal cookies, you don't need to get mad that some of us want chocolate chip cookies. No one is taking your cookie away.

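The mechanism post #73 leans on (a disk key that is only released when the measured boot path matches, so disabling Secure Boot or swapping a boot component leaves the disk locked) can be shown in a few dozen lines. The block below is an added example; it is not code from the thread, from systemd, or from any TPM library. hashlib and hmac stand in for the TPM, and no hardware is touched. PCR 7 holding the Secure Boot policy state and PCR 4 holding the boot manager code follow the TCG PC Client PCR layout; the event strings, the storage-root-key stand-in, the XOR wrap and the sample shim/kernel bytes are constructed for illustration. The PIN mentioned in the post is left out.

```python
"""Simulated measured boot: PCR extend plus a key sealed to the boot path."""
import hashlib
import hmac
import os
from typing import Dict, Optional, Tuple

DIGEST_LEN = 32          # sha256 PCR bank


def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM2_PCR_Extend for a sha256 bank: PCR_new = H(PCR_old || H(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()


def measure_boot(secure_boot_on: bool, shim: bytes, kernel: bytes) -> Dict[int, bytes]:
    """Replay one boot and return the PCR values it produces (constructed event set)."""
    pcrs = {4: bytes(DIGEST_LEN), 7: bytes(DIGEST_LEN)}   # PCRs are all-zero at power-on
    # PCR 7: Secure Boot policy: the SecureBoot variable, then the signature db in use
    pcrs[7] = extend(pcrs[7], b"SecureBoot=1" if secure_boot_on else b"SecureBoot=0")
    pcrs[7] = extend(pcrs[7], b"db=constructed-oem-db")
    # PCR 4: boot manager code, i.e. the hash of each binary that actually ran
    pcrs[4] = extend(pcrs[4], shim)
    pcrs[4] = extend(pcrs[4], kernel)
    return pcrs


def policy_digest(pcrs: Dict[int, bytes], selection: Tuple[int, ...]) -> bytes:
    """Digest over the selected PCR values, in the role of TPM2_PolicyPCR."""
    h = hashlib.sha256()
    for idx in selection:
        h.update(bytes([idx]) + pcrs[idx])
    return h.digest()


class SimulatedTPM:
    """Keeps a secret that never leaves the 'chip' (stand-in for the storage root key)."""

    def __init__(self) -> None:
        self._srk_secret = os.urandom(32)

    def _wrap_key(self, policy: bytes) -> bytes:
        return hmac.new(self._srk_secret, policy, "sha256").digest()

    def seal(self, secret: bytes, pcrs: Dict[int, bytes], selection: Tuple[int, ...]) -> Dict:
        """Bind a 32-byte secret to the given PCR values; the blob is useless without the chip."""
        assert len(secret) == DIGEST_LEN
        policy = policy_digest(pcrs, selection)
        blob = bytes(a ^ b for a, b in zip(secret, self._wrap_key(policy)))
        return {"blob": blob, "selection": selection, "policy": policy}

    def unseal(self, sealed: Dict, current: Dict[int, bytes]) -> Optional[bytes]:
        """Release the secret only when the current PCRs reproduce the sealing policy."""
        policy = policy_digest(current, sealed["selection"])
        if not hmac.compare_digest(policy, sealed["policy"]):
            return None                       # boot path changed: key stays locked
        return bytes(a ^ b for a, b in zip(sealed["blob"], self._wrap_key(policy)))


def demo() -> Dict[str, bool]:
    """Seal a disk key against a good boot, then replay three boots against it."""
    tpm = SimulatedTPM()
    shim, kernel = b"shim-signed-build-1", b"vmlinuz-signed-build-1"   # constructed stand-ins
    disk_key = os.urandom(DIGEST_LEN)
    sealed = tpm.seal(disk_key, measure_boot(True, shim, kernel), selection=(4, 7))
    return {
        "same_path": tpm.unseal(sealed, measure_boot(True, shim, kernel)) == disk_key,
        "secure_boot_off": tpm.unseal(sealed, measure_boot(False, shim, kernel)) == disk_key,
        "kernel_swapped": tpm.unseal(sealed, measure_boot(True, shim, b"vmlinuz-other")) == disk_key,
    }


if __name__ == "__main__":
    for case, released in demo().items():
        print(f"{case}: {'key released' if released else 'key withheld'}")
```

The point the simulation makes is that nothing in the operating system is doing the enforcing: the key is bound to a digest of the measurements, the comparison happens on the chip side, and the only way to get the key back after changing the boot path is to re-seal it from a state you already trust. A real TPM performs the same policy check internally and can add the PIN from the post as a further policy term.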


        • #74
          Originally posted by Old Grouch:

          When did you last review the list of CA root authorities trusted by your browser on your behalf?
          Never. That's why I run browsers in sandboxes.

          For the record, it's nearly impossible for me to fully review anything like that. By that I mean that I'll likely never meet the actual person behind it to blatantly ask them things like, "Are you a good person? Are you going to screw me over?" to know if I can even trust them or not. Even if I put eyes on every single certificate, all I can do is go by blind trust and assume that they're acting in good faith.

          That right there, to me, is the crux of the issue. For the vast majority of people all this "Trust" relies on "Blind Trust". We have to Trust that random people working for massive corporations like Apple or Microsoft won't include their service and diagnostic backdoors. We have to Trust that Three Letter Agencies haven't infiltrated corporations like to include their hacking and spying backdoors. We have to Trust that someone, somewhere won't make a mundane mistake like getting a decimal one place off.

          What we can't Trust are the things that we have control over -- ourselves, our businesses, and the people we hire, work with, and have personally vetted or the software that we prefer to use or have developed.

          We have to Trust Them or have no Trust at all. Forced Trust isn't Trust. It's Trust Theater.



          • #75
            Originally posted by Kwarf:
            I really don't see any issue here, I'm all for making the Linux desktop more secure, especially for less technical users.
            So… to help less technical users we do stuff even more complicated to eliminate at once any chance that they can understand the underlying technology! 👏👏👏



            • #76
              That article looks like M$ PR, half of the technologies described are made in Redmond...

              Anyway I am still trying to understand why do we need SecureBoot in the first place?

              SECURE BOOT

              Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM). When the PC starts, the firmware checks the signature of each piece of boot software, including UEFI firmware drivers (also known as Option ROMs), EFI applications, and the operating system. If the signatures are valid, the PC boots, and the firmware gives control to the operating system.

              The OEM can use instructions from the firmware manufacturer to create Secure boot keys and to store them in the PC firmware. When you add UEFI drivers, you'll also need to make sure these are signed and included in the Secure Boot database.
              What a bunch of bullshit!



              • #77
                Originally posted by skeevy420:

                Never. That's why I run browsers in sandboxes.
                Running your browser in a sandbox is going to do jack shit wrt certificates, you are not getting any extra security by doing that. The whole point of root certificates is that they verify that the data from your browser to the server is encrypted so that no person is able to inspect that data stream. Putting your browser into a sandbox doesn't change that at all.

                This is no joke btw, if you actually care about security rather than mindlessly bashing what Lennart is talking about (or Microsoft for that matter), you absolutely should check your root certificates, especially if you live in a country like Kazakhstan that was releasing browsers (iirc Firefox) in the public with tampered root certificates in order to allow the government to snoop in on their citizens. If you put that Firefox with tampered root certificates into a sandbox, it would have solved nothing.

                The kinds of things that putting your browser in a sandbox helps with is dealing with some javascript/browser based exploits that can somehow access memory outside of the browser.

                And in general there is a whole bunch of crazy in this thread, throwing poo at companies and people like a monkey while having the exact same intellect because you don't even know how security works (both practically and theoretically) really doesn't look good.
                Last edited by mdedetrich; 26 October 2022, 09:30 AM.



                • #78
                  skeevy420 Quite frankly, knowing how mutable my memory is, I'm not even sure I trust myself e.g. WITNESS CREDIBILITY 2: ACADEMIC SCRUTINY: PSYCHOLOGICAL RESEARCH AND WITNESS EVIDENCE
                  You are quite right about the difficulty of reviewing the list of CA roots, and so, yes, blind trust is usual. There is a schism between things that are 'officially trusted' and things that we verify ourselves that we can rely upon. I think the noise around this topic is down to people that see the latter as being inhibited or encroached upon. I would certainly like to be able to buy hardware that is not 'officially trusted', and I think most military and intelligence organisations would like to be able to do so as well, as they are not happy being forced to trust third parties. Whether non 'officially trusted' hardware is actually useful in a normal person's everyday life is a different question. Again, from my point of view, if I process data, I would like to be able to assure myself that third parties not authorised by me cannot access the data being processed, and so would many businesses. Having a root of trust controlled by an American organisation is not necessarily something that sits well with many: again, being forced to trust certain third parties is uncomfortable. Some serious thought needs to go into how a trust infrastructure should be built, and that's an area governments have not looked at in sufficient depth yet. I'm sure it will come.



                  • #79
                    Originally posted by mdedetrich:

                    Running your browser in a sandbox is going to do jack shit wrt certificates, you are not getting any extra security by doing that. The whole point of root certificates is that they verify that the data from your browser to the server is encrypted so that no person is able to inspect that data stream. Putting your browser into a sandbox doesn't change that at all.

                    This is no joke btw, if you actually care about security rather than mindlessly bashing what Lennart is talking about (or Microsoft for that matter), you absolutely should check your root certificates, especially if you live in a country like Kazakhstan that was releasing browsers (iirc Firefox) in the public with tampered root certificates in order to allow the government to snoop in on their citizens. If you put that Firefox with tampered root certificates into a sandbox, it would have solved nothing.

                    The kinds of things that putting your browser in a sandbox helps with is dealing with some javascript/browser based exploits that can somehow access memory outside of the browser.

                    And in general there is a whole bunch of crazy in this thread, throwing poo at companies and people like a monkey while having the exact same intellect because you don't even know how security works (both practically and theoretically) really doesn't look good.
                    I agree with the premise of what he's saying. What I don't agree with, and something he brings up that I'm parroting in this thread, is that most hardware doesn't allow us to define what is and isn't trustworthy. Like Old Grouch said, not everyone wants some random American company in charge of their security. Like you said, you can't always blindly trust due to living under a dictatorship.

                    I'm not bashing all that he's saying, I actually agree with quite a bit of it. I just don't like the idea of "Trust their environment or have no trusted environment at all." That's shitty.



                    • #80
                      Originally posted by mdedetrich:

                      if you actually care about security ..., you absolutely should check your root certificates, especially if you live in a country like ... that was releasing browsers (iirc Firefox) in the public with tampered root certificates in order to allow the government to snoop in on their citizens.
                      100% agree. It's also a remarkably hard thing for the person-in-the-street to do. Most people use the built in browsers on their mobile phones, so a user-friendly process that allows a person-in-the-street to access the list of root CAs on their iOS*/Android** device and gives instructions on how to validate the trustworthiness of each entry would be great. Do you know of any such instructions? Just having the list with no procedure for evaluating trust is not, in itself, hugely helpful.


                      *Apple are good for the first part, if you trust their GUI: Available trusted root certificates for Apple operating systems


                      Follow these steps to find the version of the Trust Store that's installed on your iOS and iPadOS device:
                      1. Tap Settings > General > About
                      2. Scroll to the bottom of the list
                      3. Tap Certificate Trust Settings


                      **Android is not much different: Official List of Trusted Root Certificates on Android

                      • First, you will have to go to your phone settings.
                      • Click on Security.
                      • Under device security, locate the Encryption & Credentials tab and click on it.
                      • Under credentials storage, click on Trusted credentials. A list of all certificates will appear.
                      • You can click on a specific certificate to see more details about the CA.

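Posts #72 and #80 ask when anyone last reviewed the roots trusted on their behalf, and #80 notes that a bare list without a procedure is not much use. For a Linux box the first pass can be automated. The block below is an added example, not code from the thread or from any browser or distribution: it enumerates the roots Python's ssl module loads from the system store and flags the entries a reviewer would open first (expired, not yet valid, not self-signed, or issued by an organisation you have decided not to trust). The distrust list, the sample entries and their organisation names are constructed for illustration and say nothing about any real CA; the dict layout is the one `SSLContext.get_ca_certs()` returns.

```python
"""Audit the CA roots the local TLS stack trusts by default."""
import ssl
import time
from typing import Dict, List, Optional, Tuple


def load_trusted_roots() -> List[Dict]:
    """Return the CA certificates the default context loads from the system store."""
    ctx = ssl.create_default_context()
    ctx.load_default_certs()
    return ctx.get_ca_certs()     # dicts with subject, issuer, notBefore, notAfter, ...


def rdn_value(name: Tuple, attr: str) -> str:
    """Pull one attribute (e.g. 'organizationName') out of an ssl-style name tuple."""
    for rdn in name:
        for key, value in rdn:
            if key == attr:
                return value
    return ""


def classify_root(cert: Dict, now: float, distrusted_orgs: Tuple[str, ...]) -> List[str]:
    """Return the review flags for one root; an empty list means nothing notable."""
    flags = []
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        flags.append("expired")
    if ssl.cert_time_to_seconds(cert["notBefore"]) > now:
        flags.append("not-yet-valid")
    if cert["subject"] != cert["issuer"]:
        flags.append("not-self-signed")      # an intermediate shipped as if it were a root
    org = rdn_value(cert["subject"], "organizationName")
    if any(bad.lower() in org.lower() for bad in distrusted_orgs):
        flags.append("distrusted-org")
    return flags


def audit(certs: List[Dict], distrusted_orgs: Tuple[str, ...] = (),
          now: Optional[float] = None) -> Dict[str, List[str]]:
    """Map each flagged root's commonName to its flags; unflagged roots are omitted."""
    now = time.time() if now is None else now
    report: Dict[str, List[str]] = {}
    for cert in certs:
        flags = classify_root(cert, now, distrusted_orgs)
        if flags:
            report[rdn_value(cert["subject"], "commonName")] = flags
    return report


# Constructed sample entries in the shape get_ca_certs() returns (not real CAs).
SAMPLE_ROOTS = [
    {
        "subject": ((("organizationName", "Example Trust Co"),), (("commonName", "Example Root CA"),)),
        "issuer": ((("organizationName", "Example Trust Co"),), (("commonName", "Example Root CA"),)),
        "notBefore": "Jan  1 00:00:00 2015 GMT",
        "notAfter": "Jan  1 00:00:00 2040 GMT",
    },
    {
        "subject": ((("organizationName", "Old Trust Ltd"),), (("commonName", "Old Root CA"),)),
        "issuer": ((("organizationName", "Old Trust Ltd"),), (("commonName", "Old Root CA"),)),
        "notBefore": "Jan  1 00:00:00 2000 GMT",
        "notAfter": "Jan  1 00:00:00 2020 GMT",
    },
    {
        "subject": ((("organizationName", "Snoop Authority"),), (("commonName", "Snoop Root CA"),)),
        "issuer": ((("organizationName", "Snoop Authority"),), (("commonName", "Snoop Root CA"),)),
        "notBefore": "Jan  1 00:00:00 2019 GMT",
        "notAfter": "Jan  1 00:00:00 2030 GMT",
    },
]

if __name__ == "__main__":
    system = load_trusted_roots()
    print(f"{len(system)} roots loaded from the system store")
    for cn, flags in audit(system + SAMPLE_ROOTS, distrusted_orgs=("Snoop",)).items():
        print(f"{cn}: {', '.join(flags)}")
```

The flags only narrow the list; deciding whether a remaining root deserves trust is still the judgement call #78 describes. Note also that this only covers what the system store and the ssl module see: browsers such as Firefox carry their own root store, and a root that was injected into the browser bundle, as in the case #77 mentions, would not show up here.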
