Hacker News new | ask | show | jobs
by swe02 441 days ago
As someone who uses systemd, "boot security" is pointless. If someone has enough access to your hardware to try booting a different kernel, they have time to load a signed shim that passes secure boot and launches unsigned code.

The only boot security real users need is disk encryption.
4 comments
viraptor 441 days ago
"on a system not configured for boot security, you get no boot security" is indeed correct. If you care about boot security, your local platform doesn't give you the chance to boot custom kernels and not passing secure boot doesn't give you decryption keys.
link
fc417fc802 441 days ago
There are multiple possible configurations. Only the most basic will permit an arbitrary payload as you describe.

I've never been entirely clear about the security model when the signed shim is permitted. I assume I'm missing some nuance.

Disk encryption alone won't protect you from either persistent malware (remote) or evil maids (local).

link
bigfatkitten 440 days ago
> The only boot security real users need is disk encryption.

Which becomes easy to bypass without boot security. If an adversary can modify code that executes in the boot process, they can steal your keys.

link
teddyh 439 days ago
An adversary can usually only modify code that executes in the boot process if they already have root privileges, or if they have physical access. In either of those cases the game is already over anyway.
link
bigfatkitten 438 days ago
> or if they have physical access.

If you're not worried about physical access, then why would you encrypt your disk at all?

link
teddyh 438 days ago
Encrypted disks saves you from an unsophisticated attacker. Also, full disk encryption enables the feature of using a power plug switch as a ”lockdown mode” button.
link
craftkiller 440 days ago
> signed shim

How would they sign such a shim without my keys? I don't leave Microsoft keys enrolled on my laptop.

link
wkat4242 440 days ago
You don't but 99.99% of people do :) Especially because most Linux distros use a key signed by Microsoft by default.
link
akdev1l 440 days ago
The “people” don’t really matter.

Anyone who needs a secure boot environment is having their own MOK and probably a private CA.

link