← Back to context

Comment by fc417fc802

9 hours ago

I want an equivalent of boot guard that I hold the keys to. Presented only with a binary choice certainly having boot guard is better than not having it if physical device security is in question. But that ought to be a false dichotomy. Regulation has failed us here.

2 comments

fc417fc802

Reply
kachapopopow  4 hours ago

that defeats the point, having the "keys" allows malicious actors to perform the same kind of attacks... trust is protected by trusted companies...

certificate companies sell trust, not certificates.

  • fc417fc802  3 hours ago

    Me managing my own (for example) secure boot keys does not inherently enable malicious actors. Obviously unauthorized access to the keys is an attack vector that whoever holds them needs to account for. Obviously it's not risk free. There's always the potential that a user could mismanage his keys.

    There's absolutely no excuse for hardware vendors not to provide end users the choice.

    > trust is protected by trusted companies...

    The less control of and visibility into their product you have the less trustworthy they are.