Sometimes, I HATE secure boot

pebcak · July 24, 2021, 12:59pm

A rare stance in the post-truth era

freebird54 · July 24, 2021, 2:40pm

Becoming rarer - but I tend to agree. However - I look through the code where I can to see if I can spot an alternate math library, or variable redefinition that invalidates what appears to be true from that source!

ricklinux · July 24, 2021, 3:00pm

I just think it’s Microsoft garbage!

Kresimir · July 25, 2021, 4:51am

As most things that come from M$, it’s a misnomer. There is nothing secure about it. A more apt name would be DRM-boot.

nadb · July 25, 2021, 11:56pm

Secure boot is a wonderful concept until you really think about what it means. A string of trusted signatures direct form the manufacturer and microsoft…institutions with air tight security who screen all their employees for the utmost trustowrothiness…hahahahaha, roflmao. Microsoft has los tthe golden keys at least once, probably more than once, along with who knows how many borked sigs on the way. The only implementation i know of where signed firmware actually works to some degree is where you literally go through and self sign the entire stack. Good luck staying on top of that mess, and not introducing a vulnerability yourself. It is actually horrible idea, creating a pain point, a hurdle to actually handling a security issue. Chains of trust work well when they are meant to be living, active chains. When you get package updates it is the end of a chain of trust, one that is observed daily, by many users, resulting in a potential problem being placed under some scrutiny on a daiy basis. It is observable making it fixable. UEFI is the equivalent of blind trust that, everyone in the chain is good to go, that everyone is competent, that everyone is thinking of security at all times, and that no one will screw up (if they do, you sure as hell won’t know). Don’t use it, it is just like trusting the encryption algorithm on a self encrypting drive, poorly written, closed source, and begging to be cracked like an egg.

Dev0ut · July 25, 2021, 11:59pm

Basically a wolf in a sheep clothes xd

ricklinux · July 26, 2021, 1:00am

Nothing wrong with UEFI. It’s 1000X better than Bios! We don’t need secure boot to have UEFI.

Edit: The issue is secure boot not UEFI. UEFI just supports secure boot.

nadb · July 26, 2021, 2:03am

You are correct. I meant to say UEFI with Secure Boot enabled.

ricklinux · July 26, 2021, 2:44am

I might have exaggerated a bit saying UEFI is 1000x times better than Bios because i"m sure there are people who might argue that point. But, there is definitely a lot of reasons why UEFI is better in my opinion. Faster boot times, discrete driver support, 32 bit & 64 bit support, secure boot support, more addressable address space, slicker set up screens, UEFI firmware is easier to update etc…

Edit: It also works well with rEFInd! Which is awesome.