Had some hardware issues, when I reassembled the pc got some uefi reset message and the system didn’t boot with some grub_malloc message. I suspect it was some secure boot issue, didn’t have patience to investigate. Packaged it up and sent it to the service.
Anyway, now I started thinking about what actually can happen without secure boot. On a regularly updated system some remote actor somehow installs some infected kernel? Read some posts here on the forum, seems to me some people don’t use secure boot at all, but didn’t find a post where someone explains it in more detail what could happen realistically. No one else has physicall access to this pc. I don’t even encrypt my disks, so idk how does secure boot actually help if some hacker has physicall access to an unencrypted system. I doubt that someone could remotely exploit an updated linux system, doesn’t really matter what services and programs I’m using.
Sorry if I sound ingnorant, but for me a lot of security vulnerabilities seem to be too hard to exploit with a general algorithm. So many linux system environments that manual exploits are the only viable way. Maybe it’s easier to automate non-rolling distros.
I have already disabled AMD fTPM, it caused stuttering(even in windows)… Who knows what other stupid stuff my uefi has…
Started using linux on my laptop like two years ago, until then I didn’t even know about secure boot, just had to look into it, when it made installing ubuntu a bit too complicated, took me a few hours until I made it work… Never really questioned if I need it at all.
Most install guides don’t even mention, that it’s probably useless for an everyday pc…
I just don’t know, why I didn’t really came across the advice before, that it might not be the worst idea to disable secure boot. Had problems with it, when I first installed eos too… Until now, for me, it just made installing Linux harder.
I feel like, there should be more footnotes in Linux install guides, about ditching secure boot.
As far as I’m concerned one should always disable secure boot no matter what OS you are running. Along with that CSM or whatever it’s called by the particular mobo manufacturer and TPM.