If the firmware is not buggy:
If Secure Boot is set up to use keys which never signed any bootloader that lets you modify the system pre-login:
Then it kind of matters. If you have a gaming board: firmware integrity checks are mostly easily bypassable. If you use a distro's default bootloader scheme: you can compromise the OS pre-login. The CA that signed the shim, the Microsoft 3rd party CA, signed all kinds of crap that lets you run whatever you want from that. The whole shim thing is not about security but having stuff boot smoothly without screwing with BIOS settings. If you want it to give you integrity, then you need to roll your own keys and make sure the firmware has no signature check bugs letting one bypass signature checks. All this is orthogonal to self-sovereign systems. On Intel that's gone. You can't have a secure and sovereign firmware game without extreme extra effort. The whole Secure Boot roll-your-own-keys thing is the next best thing in harm reduction. If we had some way of making the system actually static and separate from user data, and a way to boot that prevents any persistent executable code from the user data part from running, so as to have a clean state, then from there we could bind that state to unlock signing keys to sign the next version of the booted stuff.
Then we could have nice security properties minus whatever is bad in the Intel TCB. Compromise to root would actually be nicely reversible. Immutable distros exist, but they are not there yet in terms of conditional read-only-ness.
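The "roll your own keys" step the comment refers to, written out as an added example (this is not the commenter's code or any distribution's tooling). It assumes the standard tools openssl, efitools (cert-to-efi-sig-list, sign-efi-sig-list, efi-updatevar) and sbsigntools (sbsign, sbverify) are installed, that the firmware has been put into Setup Mode so the PK can be written, and that the owner GUID is a constructed placeholder to replace with your own. Because the key material never leaves the machine and no Microsoft CA is enrolled, the firmware will only boot binaries signed by the local db key, which is exactly the property the comment says the default shim chain does not give you.

```shell
#!/bin/sh
# Added example, not from the original comment: build a custom Secure Boot key
# hierarchy (PK, KEK, db), wrap it into signed EFI signature lists, enroll it
# from Setup Mode, and sign a bootloader or unified kernel image with the db key.
# Assumptions: openssl, efitools and sbsigntools are installed; firmware is in
# Setup Mode when enroll_keys runs; OWNER_GUID is a constructed placeholder.
set -eu

OWNER_GUID="11111111-2222-3333-4444-555555555555"   # constructed placeholder, pick your own

# One self-signed RSA-2048 keypair per Secure Boot variable. Keep PK.key and
# KEK.key offline after enrollment; only db.key is needed for day-to-day signing.
make_sb_keys() {
    dir="$1"
    mkdir -p "$dir"
    for name in PK KEK db; do
        openssl req -new -x509 -newkey rsa:2048 -sha256 -days 3650 -nodes \
            -subj "/CN=Local Secure Boot $name/" \
            -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
        # DER copies are what many firmware setup menus accept for manual enrollment.
        openssl x509 -in "$dir/$name.crt" -outform DER -out "$dir/$name.cer"
    done
    echo "$dir"
}

# Convert each certificate into an EFI signature list and sign it with the key
# one level up: PK signs PK (self) and KEK, KEK signs db. Requires efitools.
make_sig_lists() {
    dir="$1"
    for name in PK KEK db; do
        cert-to-efi-sig-list -g "$OWNER_GUID" "$dir/$name.crt" "$dir/$name.esl"
    done
    sign-efi-sig-list -k "$dir/PK.key"  -c "$dir/PK.crt"  PK  "$dir/PK.esl"  "$dir/PK.auth"
    sign-efi-sig-list -k "$dir/PK.key"  -c "$dir/PK.crt"  KEK "$dir/KEK.esl" "$dir/KEK.auth"
    sign-efi-sig-list -k "$dir/KEK.key" -c "$dir/KEK.crt" db  "$dir/db.esl"  "$dir/db.auth"
}

# Enroll while in Setup Mode. Write db and KEK first and PK last, because
# writing PK is what takes the firmware out of Setup Mode.
enroll_keys() {
    dir="$1"
    efi-updatevar -f "$dir/db.auth" db
    efi-updatevar -f "$dir/KEK.auth" KEK
    efi-updatevar -f "$dir/PK.auth" PK
}

# Sign an EFI binary with the db key and verify the result against db.crt.
# Any binary not signed by this key (including shim) will be refused at boot.
sign_efi_binary() {
    dir="$1"; input="$2"; output="$3"
    sbsign --key "$dir/db.key" --cert "$dir/db.crt" --output "$output" "$input"
    sbverify --cert "$dir/db.crt" "$output"
}

# Sanity check: how many of the three key/cert pairs exist in the directory.
count_key_files() {
    n=0
    for name in PK KEK db; do
        [ -s "$1/$name.key" ] && [ -s "$1/$name.crt" ] && n=$((n+1))
    done
    echo "$n"
}
```

Typical order of use is make_sb_keys, make_sig_lists, then enroll_keys with the firmware in Setup Mode, after which every kernel or bootloader update has to go through sign_efi_binary. Keep a copy of the .auth files: they are the only way to rotate or revoke keys later without clearing the firmware's key store.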