Surely the greater news with this bug is that SecureBoot doesn't succeed in doing what it was designed to? (Which IIRC also happened with Windows' EFI handling a few years ago? I forget the details...)
So it's another case of "if malicious actor has root/admin, you're screwed". Which really should be the first disclaimer on any system, because it's always true - some of the things anyone compromising a system can do are more (or less) obvious than others, of course.
For the truly paranoid about this, I remember reading a guide a couple of years ago setting up Gentoo with the bootloader on a USB stick which could be pulled out as soon as the OS was up. Hard to do malicious mods to the bootloader if it's missing...
So it's another case of "if malicious actor has root/admin, you're screwed". Which really should be the first disclaimer on any system, because it's always true - some of the things anyone compromising a system can do are more (or less) obvious than others, of course.
For the truly paranoid about this, I remember reading a guide a couple of years ago setting up Gentoo with the bootloader on a USB stick which could be pulled out as soon as the OS was up. Hard to do malicious mods to the bootloader if it's missing...
Comment