charcircuit 5 days ago

I hope you are mistaken. It's embarrassing how far behind in security the desktop Linux ecosystem is.

Reply View 9 replies
  • jcgl 4 days ago

    Agreed in general. But regarding secure boot, it's not like shim actually helps with real security either afaiu, right?

    Reply View 5 replies
    • NekkoDroid 4 days ago

      AFAIU (I haven't looked much into it) shim basically exists so that MS signs the shim once (or only a few times when updated), which has the distro public key embedded, which does further verification of the chain (bootloader/kernel) which gets updated more frequently.

      Reply View 4 replies
      • jcgl 4 days ago

        That's basically my understanding too. But since you can still boot any shim-supported distro, Secure Boot + shim practically gains you nothing. An adversary can simply boot their own own copy of shim with whatever OS they like.

        Reply View 3 replies
  • egorfine 4 days ago

    I believe you are confusing security with freedom and "behind" with "advanced".

    Reply View 0 replies
  • trelane 4 days ago

    They have a TPM that you can enable and add your own keys if you want to.

    Reply View 1 reply