Announcement

**dragon321** · 14 March 2024, 06:52 AM

Secure Boot is pretty good idea but the fact it's Microsoft who decides who should get the key is stupid. That should be managed by some independent forum of motherboards manufacturers not by operating system developers. I don't get why Microsoft got tons of lawsuits for Anti-competitive practices in the 90's and beginning of the 2000's but now everybody is fine with them managing Secure Boot keys (so in fact deciding who is allowed to boot) or buying game studios and turning multi platform games into exclusives. It seems that all you need to do is making some open source projects, acting like friendly company and you can do whatever you want.

**luno** · 14 March 2024, 07:44 AM

Originally posted by dragon321 View Post

Secure Boot is pretty good idea but the fact it's Microsoft who decides who should get the key is stupid. That should be managed by some independent forum of motherboards manufacturers not by operating system developers. I don't get why Microsoft got tons of lawsuits for Anti-competitive practices in the 90's and beginning of the 2000's but now everybody is fine with them managing Secure Boot keys (so in fact deciding who is allowed to boot) or buying game studios and turning multi platform games into exclusives. It seems that all you need to do is making some open source projects, acting like friendly company and you can do whatever you want.

it is weird how this is even allowed outside US

**M.Bahr** · 14 March 2024, 08:32 AM

Originally posted by DanL View Post

SecureBoot causes more problems than it solves.

Especially when Microsoft accidentally leaks a "golden key" for "Secure Boot" like some years ago, that turns the so called "Secure Boot" into a back door,

Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

https://arstechnica.com/information-technology/2016/08/microsoft-secure-boot-firmware-snafu-leaks-golden-key/

Microsoft quiet as researchers spot debug mode flaw that bypasses OS checks.

**Rovano** · 14 March 2024, 08:53 AM

Originally posted by M.Bahr View Post

Especially when Microsoft accidentally leaks a "golden key" for "Secure Boot" like some years ago, that turns the so called "Secure Boot" into a back door,
https://arstechnica.com/information-...ks-golden-key/

I read a recent article from security experts about EFI being poorly thought out. Just push the code into the new UEFI update with malware or changed logo file. And then God's will be done.
I wouldn't be surprised if it was intentional.

https://youtu.be/2QFJLszvDwg?t=327

Whenever I say something about such things somewhere, no one responds. I'm glad people's eyes are finally opening as more things become public.

Nowadays, one cannot even be sure what code is running on which device. We can only hope.

I have seen many times in practice how some companies work.
For example, one released a faulty BIOS update and blew up everyone's motherboard. If the person did not have a programmer.
The best part was that the faulty BIOS was hanging around for download for years.
Yes, it was and is one of the largest manufacturers in the world.

**mlau** · 14 March 2024, 09:33 AM

Originally posted by F.Ultra View Post

Well they control the master key for UEFI secure boot so that ship have sailed a long time ago. And forcing end users to install their own keys won't fly with the public at large.

They don't control the master key -- it's just that every x86 board vendor ships the MS key by default, so it's basically the one key that is available everywhere out of the box.

**Weasel** · 14 March 2024, 11:06 AM

Originally posted by rabcor View Post

This is so wrong...

The solution is simple, disable that worthless feature and ur good. Seriously, secure boot doesn't even do anything, it literally only exists as a nuisance.

Even if you're a, as ahrs said "high-value target" you have much bigger problems if someone has the phyhsical access to your pc needed for secure boot to actually do anything; and at that point, a little thing like secure boot isn't gonna stop them, secure boot is a stupid feature to enable by default because you need at bare minimum password protected bios for it to even theoretically do anything for you.

The only exception is if you're dumb enough to be flashing your bios or booting from untrusted sources, at which point secure boot won't save you either, it isn't the cure for stupidity.

Secure Boot should honestly just be named Microsoft Boot, it's more about increasing microsoft's control over average PC users who aren't tech savvy than it is about securing anything.

Finally someone sane on this forum when it comes to pseudo security hysteria.

**elaforma** · 15 March 2024, 03:55 AM

To be fair, in the 80s and 90s there were quite a few boot sector viruses. It makes sense that a new generation of firmware wants to prevent those. It doesn't make sense that Microsoft is at the helm, and that it is getting more and more difficult to boot something other than Windows.

On one of my previous laptops, I had to go into the BIOS settings and actively enable the UEFI third party key before I could boot Ubuntu. No thanks, GTFO.

**dragon321** · 16 March 2024, 01:12 PM

Originally posted by luno View Post

it is weird how this is even allowed outside US

Yeah, EU used to fight with Microsoft monopoly but now they are accepting whatever Microsoft does.

**rabcor** · 30 March 2024, 01:46 PM

Originally posted by dragon321 View Post

Yeah, EU used to fight with Microsoft monopoly but now they are accepting whatever Microsoft does.

Were they really fighting it, or just putting on a little show to make the masses think they were fighting it so when microsoft does more shady shit they'll just assume that they're still fighting it when in reality they never were?

I mean I've seen this strategy used a lot to throw us all off. Like apple fighting the us government (Hah, who would even believe that shit?).

Announcement

Linux 6.9 Makes A Change To Satisfy Microsoft For EFI x86 Shim Loader Signing

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment