AFAIU (I haven't looked much into it) shim basically exists so that MS signs the shim once (or only a few times when updated), which has the distro public key embedded, which does further verification of the chain (bootloader/kernel) which gets updated more frequently.
I hope you are mistaken. It's embarrassing how far behind in security the desktop Linux ecosystem is.
Agreed in general. But regarding secure boot, it's not like shim actually helps with real security either afaiu, right?
AFAIU (I haven't looked much into it) shim basically exists so that MS signs the shim once (or only a few times when updated), which has the distro public key embedded, which does further verification of the chain (bootloader/kernel) which gets updated more frequently.
4 replies →
I believe you are confusing security with freedom and "behind" with "advanced".
They have a TPM that you can enable and add your own keys if you want to.
For now.