Comment by Mindwipe

Comment by Mindwipe 2 days ago

4 replies

View on Hacker News

It does mean that a signed OS image is running, so demonstrates that the kernel was unaltered at start-up.

It also demonstrates further levels of driver signing robustness.

krelian 2 days ago

I'm not really familiar with Secure Boot too much. Researching suggests that users can add their own keys so they are trusted by UEFI. Won't this resolve for linux users that must have secure boot on?

Reply View 3 replies
  • 999900000999 2 days ago

    It's usually a giant pia.

    Some distros support it, some make it really difficult.

    I like to distro hop. I'll often have to try two or three to get to a working system.

    Reply View 1 reply
    • arcfour 13 hours ago

      I've had no issues setting it up with Fedora and Ubuntu with kmods/Nvidia drivers. I just say I want it, and I have it. It's really easy now.

      Reply View 0 replies
  • Mindwipe 18 hours ago

    No, it's not a given that users can add their own keys - certainly in an anticheat scenario they probably couldn't, or at least if they did then key attestation would stop working.

    Reply View 0 replies