Sometimes, I HATE secure boot

tlmiller76 · July 23, 2021, 10:42pm

So, been trying to get the BIOS updated on my T14 for 3 days. The latest bios just WOULD NOT boot from USB after doing a geteltorito to the iso and throwing it on USB via usbimager. Tried different USB’s, downloaded the image fresh, tried download older images and replacing the EFI folder on the image with an older one. Yeah, ultimately it was because I had turned on secure boot to test if the Debian kernel was signed or not, and forgot to turn it back off…

Kresimir · July 23, 2021, 10:47pm

Unlike you, I always hate secure boot.

ricklinux · July 23, 2021, 11:00pm

It only belongs on Windows. I hate Windows more!

BONK · July 23, 2021, 11:50pm

Secure boot can eat a bag of

Echoa · July 24, 2021, 1:08am

Secure Boot is a nice idea but in practice Ive seen it cause more harm than good for users. Same goes for the pin instead of password option in windows 10. The catch to the pin is if s%^t hits the fan and you NEED to get into safemode you cant using a pin.

fbodymechanic · July 24, 2021, 1:09am

Eggplant?

Echoa · July 24, 2021, 1:09am

yes…eggplant

wordler · July 24, 2021, 7:54am

Injustice to Eggplants! Eggplants are a far superior product than either Secure Boot or Windows. I can eat a whole one, especially if spiced up Indian style. I’m not too sure about a whole bag though…

zoli62 · July 24, 2021, 8:13am

Microsoft itself describes that it is recommended that you turn off Secure Boot in some cases. https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/disabling-secure-boot

keybreak · July 24, 2021, 8:41am

What is nice about it in the first place?
It’s basically made to be a “DRM for OS” by M$ to ensure other systems will be pain in the rear end of less tech savvy users…

Also user nobody asked for it

Echoa · July 24, 2021, 9:18am

It allows the system to verify that the firmware/code that youre attempting to boot is legit. Its a good idea from a security standpoint regardless of the opinion about MS.

Chain of Trust is a good idea, but secure boot just tends to be a pain more than helping.

Echoa · July 24, 2021, 9:26am

Well many people have sorta without saying anything. You have to look at things from the perspective of the average user. People see updating their system and “inconvenient” and will frequently go months or even years without doing it without knowing their system is vulnerable. Secure Boot in this case helps to try and mitigate at least some of the potential attack surface.

Its much like looking at the requirements for W11, while i dont like them as an enthusiast or having to deal with the e waste itll cause and the fact that the bar is kinda stupidly high CPU wise among other reasons I GET it.

Microsoft has the market regardless of what we think on it and they need to consider the fact that with so many systems they cant guarantee will be managed well (and they most of the time wont). Implementing some sort of minimum level of security for certain aspects of the system is an absolute must and Secure Boot is one of those.

keybreak · July 24, 2021, 9:38am

I dare to see even one system / user saved by Secure boot.

It’s a joke. Absolutely non-sense stuff, theoretically it make sense to even start thinking about security of hardware / chain of trust for OS, only if you’re going against government and into serious stuff…

And guess what, M$ Windoze is not exactly a great idea for any of that
It’s a spyware

Mmmm…i’m so comfortable that my spyware is genuine, i can sleep safe

Echoa · July 24, 2021, 9:47am

Im not making an claims on the efficacy of it or agreeing with the kinda control microsoft has over it or anything regarding Windows in regards to security. Im simply stating from a security stand point its another way to reduce the attack surface.

Do we really need to so blindly hate MS that we cant see when something is at least somewhat of a good idea? Implementation and how its handled may not be great but the fewer modes of attack the better. Ideally it would be open and not a microsoft thing but its not a bad concept.

keybreak · July 24, 2021, 9:48am

YES!

Also i think it’s not a good idea, it’s “false sense of security” idea, but that’s just me…good old tin foil hat wearer.

Echoa · July 24, 2021, 9:54am

Same can be said of the people that think Viruses dont exist for Linux or OSX. Reducing the attack surface =/= magically safe as its impossible to be completely safe in regards to software/computers.

Not adding layers of security just because it could potentially be broken (or we dont like who had the idea)doesnt make it “false” or a bad idea. If we went with that line of thought then why patch anything ever? Its just a false sense of security no?

keybreak · July 24, 2021, 10:00am

Nonsense.
It has nothing to do with patches or “viruses not exist of…insert coin” bs.

I don’t care who would add it (M$ just made it more spicy because of implementation and malicious purpose, let’s face it ) be it M$, Ubuntu, Arch - it’s to me just a bad idea.

I argue it’s not layer of security at all, apart from name.
And yes adding more bloat will always make things more breakable and less secure

Echoa · July 24, 2021, 10:07am

Well we can agree to disagree I suppose as you seem to have a very hard line stance against the very concept and I’m tired.

The talking about viruses was equating the idea of a “false sense of security” which people get when they use Linux, FreeBSD, OSX, etc. and become brazen with that sense thinking nothing can touch them which is absolutely false.

flyingcakes · July 24, 2021, 10:43am

No. We don’t need to hate MS for everything they do. I trust them to never to anything in favor of user, but when they say 2+2=4, I rather agree than show my hate.

My stance on Secure Boot is prety much what @Echoa said. Good in theory. Ruined in implementation.

keybreak · July 24, 2021, 10:46am

Sure, let’s wait when they’ll say that
So far i haven’t heard