by jchw
198 days ago
Does Secure Boot with NixOS even make sense? In an ordinary Secure Boot setup, you get the kernel/initrd/etc. with signatures from a trusted vendor, but with NixOS it is going to obviously sign everything locally. That means that you are not protected against bootkits and a root compromise is still just as bad as ever. I suppose in combination with LUKS you could at least prevent evil maid attacks, to the extent that your machine's firmware is actually secure, but it seems like a lot of work for just that...

I didn't have some strong security-driven mindset behind it.
That said I did also lock down my BIOS with a password (to prevent disabling secure boot).