Comment by charcircuit
21 days ago
I hope you are mistaken. It's embarrassing how far behind in security the desktop Linux ecosystem is.
21 days ago
I hope you are mistaken. It's embarrassing how far behind in security the desktop Linux ecosystem is.
Agreed in general. But regarding secure boot, it's not like shim actually helps with real security either afaiu, right?
AFAIU (I haven't looked much into it) shim basically exists so that MS signs the shim once (or only a few times when updated), which has the distro public key embedded, which does further verification of the chain (bootloader/kernel) which gets updated more frequently.
That's basically my understanding too. But since you can still boot any shim-supported distro, Secure Boot + shim practically gains you nothing. An adversary can simply boot their own own copy of shim with whatever OS they like.
3 replies →
I believe you are confusing security with freedom and "behind" with "advanced".
They have a TPM that you can enable and add your own keys if you want to.
For now.