Comment by direwolf20 5 days ago

Secure boot is initialized by the first person who physically touches the computer and wants to initialize it. Guess who that is? Hint: it's not the final owner.

It's only secure from evil maker attacks if it can be wiped and reinitialised at any time.

Cu3PO42 5 days ago

You seem to be under the impression that you cannot reset your Secure Boot to setup mode. You can in the UEFI; doing so wipes any enrolled keys. This, of course, assumes you trust the UEFI (and hardware) vendors. But if you don't, you have much bigger problems anyway.

Is it possible someone will eventually build a system that doesn't allow this? Yes. Is this influenced in any way by features of Linux software? No.
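
The setup-mode state described in the comment above can be checked from a running Linux system. This is an added example, not part of the thread: it reads the standard `SetupMode`, `SecureBoot` and `PK` variables from efivarfs, and the function names, mode labels and returned dictionary are assumptions made for illustration.

```python
import os

# EFI global variable GUID from the UEFI specification; efivarfs names
# each file "<VariableName>-<GUID>".
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = "/sys/firmware/efi/efivars"  # usual Linux efivarfs mount point


def read_var(name, root=EFIVARS):
    """Return a variable's data bytes, or None if the variable is absent."""
    path = os.path.join(root, f"{name}-{EFI_GLOBAL}")
    try:
        with open(path, "rb") as fh:
            raw = fh.read()
    except FileNotFoundError:
        return None
    if len(raw) < 4:
        raise ValueError(f"{path}: shorter than the 4-byte attribute header")
    return raw[4:]  # efivarfs prefixes the data with 4 bytes of attributes


def flag(name, root):
    """Decode a one-byte boolean variable; None if missing or empty."""
    data = read_var(name, root)
    return None if not data else data[0] == 1


def secure_boot_state(root=EFIVARS):
    """Summarise Secure Boot state (hypothetical helper, labels are ours)."""
    setup = flag("SetupMode", root)
    enforcing = flag("SecureBoot", root)
    pk_enrolled = bool(read_var("PK", root))  # Platform Key present?
    if setup is None and enforcing is None:
        mode = "unknown"  # legacy boot, or efivarfs not mounted
    elif setup:
        mode = "setup"  # no Platform Key: keys can be enrolled
    else:
        mode = "user-enforcing" if enforcing else "user-not-enforcing"
    # Setup mode means no PK is enrolled; user mode means one is.
    consistent = None if mode == "unknown" else (mode == "setup") != pk_enrolled
    return {"mode": mode, "pk_enrolled": pk_enrolled, "consistent": consistent}


if __name__ == "__main__":
    print(secure_boot_state())
```

After a reset to setup mode in the firmware menu, this should report `setup` with no Platform Key enrolled.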

  • uecker 5 days ago

    It is certainly influenced by the features of Linux software. If Linux does not support this, then this preserves a platform as an escape route where this is not possible, and this substantially reduces the incentive to provide certain content and services (!) only when this is enabled.