Secure Boot is completely broken on 200+ models from 5 big device makers

Xatolos@reddthat.com to Technology@lemmy.world – 312 points –
Secure Boot is completely broken on 200+ models from 5 big device makers
arstechnica.com
77

You are viewing a single comment

What is Secure Boot actually good for? Serious question.

It's supposed to prevent unsigned files from being loaded by the UEFI (AFAIK) which could possibly help with rootkits, if it doesn't somehow sign itself. However, these are pretty rare if you don't allow sketchy software to access your boot partition, and will often cause issues with non major Linux distros.

I had dell pc refuse to boot Linux mint because of secure boot

I've been wary of secure boot and pluton chips for this reason.

Then you haven't set it up right

Nah man, it didn't even allowed to boot iso from ventoy until i disabled secure boot

Well of course, thats the setup. Disabling secure boot. If it didn't stop you from booting a third party OS without you toggling that BIOS option, then the security feature would be pointless.

Imagine if in the future that option becomes untouchable

Then it would be an issue and I would not suggest anyone buy those machines

2 more...
2 more...
2 more...
2 more...

Speaking from my background, it prevents someone from trying to boot using an external device to access your system, assuming you have a BIOS password in place.

Of course encrypting your drive works just as well, but security in depth demands a “why not both?” Approach

2 more...