Comment by ahepp

1 month ago

https://0pointer.net/blog/authenticated-boot-and-disk-encryp...

Yes, system data should be locked to the system with a TPM. That way your system can refuse to boot if it's been modified to steal your user secrets.

... and it will also refuse to boot if it has been modified by the user.

Preventing this was the reason we had free software in the first place.

  • Increasing security for the system owner will necessarily decrease the ability of others to modify the system in ways the owner doesn't like.

And if Linux$oft suddenly decides every user's system needs a backdoor or that every system must automatically phone home with your entire browsing data, then, well, too bad, so sad of course!

Jesus.

  • Unless you're one of the 0.00000000001% of humans using a farm-to-table laptop with coreboot, what's stopping that from happening today?