Hacker News new | ask | show | jobs
by jmclnx 3 hours ago
It needs to be said, this is what you get by "trusting" Microsoft.

There really is no need for secure boot in Linux. The only reason to have it is if you dual boot because M/S says so. If using Linux by itself, just disable secure boot and have done with it.
2 comments
chlorion 2 hours ago
I disagree that there is no need for secure boot for Linux?

Secure boot prevents tampering of your kernel and/or bootloader, nothing about Linux prevents this from being possible.

You might argue that you don't care about this, but some people such as myself do!

link
Cloudef 1 hour ago
> Secure boot prevents tampering of your kernel and/or bootloader, nothing about Linux prevents this from being possible.

By trusting another chain of trust and firmware binary blobs involved in booting your PC.

Secure boot exists only as one of the puzzle pieces for remote attestation for MS and trusted OEMs, nothing to do with your security.

link
Borealid 2 minutes ago
If you want yourself to be the root of trust, you CAN generate and use your own keys for secure boot.
link
chlorion 48 minutes ago
>By trusting another chain of trust and firmware binary blobs involved in booting your PC.

So what? I'm still preventing a random person from tampering with my bootloader?

link
cute_boi 2 hours ago
I don’t know why we ended up trusting microslop. Red Hat implemented it for the sake of convenience causing all these issue.
link