| > The open source feature of Secureboot is true only if you have replaced the laptop firmware with Coreboot, which is compatible only with few, mostly old, laptops. Plenty of newer stuff that is explicitly open like the system 7 and framework stuff also. > Even in that case, a laptop with Coreboot will still use closed-source components that cannot be trusted, As does any solution relying on a BIOS. > If someone steals the device, I cannot see any difference between our 2 setups. In my setup, if the laptop is stolen, the thief is able to use a limited OS that give them all the functionality they would need while running a locator service in the background, allowing the hardware to be recovered, while preventing access to encrypted data. It doesn't sound like your setup allows for that. > However in the case that relies on the internal firmware and TPM to protect the keys, there are more sophisticated hardware attacks against the motherboard, No matter what, using a BIOS makes you a lot more vulnerable than using any form of secure boot. It's a significantly more vulnerable standard. |
> As does any solution relying on a BIOS
Not true: https://news.ycombinator.com/item?id=44241911