If you have physical access you have full access anyway
No, encrypt your drives.
Needlessly intrusive. Can obviously be circumvented by cheaters anyway, so quite possibly superfluous. Apart from that it protects against the kinds of attacks that typically require physical access to the computer. If you have physical access you have full access anyway. Etc.
If you have physical access you have full access anyway
No, encrypt your drives.
9tr6gyp3@lemmy.world 1 day ago
You know secure boot was specifically made to protect users for this exact use case. Any tampering of the system will prevent the system from booting.
Eggymatrix@sh.itjust.works 1 day ago
I get your pc, “tamper” it, then i install a fake bios that tells you all is well and that your tpm and secureboot and whatever else bullcrap they invent is still happy.
See the problem?
Corngood@lemmy.ml 1 day ago
It won’t boot though, because the keys to decrypt the system are stored in the TPM.
Sure you could replace the whole OS, but that’s going to be very obvious and won’t allow you access to the data.
jjjalljs@ttrpg.network 1 day ago
If you have physical access you could go into the bios and turn off secure boot
atticus88th@lemmy.world 1 day ago
Isnt it possible to have a recovery key? Isnt that technically a backdoor? Maybe the terms are not correct but there is a way in physically.
Limonene@lemmy.world 1 day ago
A person with physical access can tamper with the OS, then tamper with the signing keys. Most secure boot systems allow you to install keys.
Secure boot can’t detect a USB keylogger. Nothing can.
9tr6gyp3@lemmy.world 9 hours ago
The signature checks will immediately fail if ANY tampering has occurred.
Adding a USB keylogger that has not been signed will cause a signature verification failure during boot.
Limonene@lemmy.world 9 hours ago
A USB keylogger is not detectable by the computer, not in firmware nor operating system. It passively sniffs the traffic between the USB keyboard and the computer, to be dumped out later.