Yup. Securing your “supply chain” is a VERY VERY good thing to do from a security standpoint and secure boot is one step toward that.
Secure boot can be used as part of a chain that eventually ends with unlocking your cryptographic keys only if the software stack has not been modified.
Sure, for most people that’ll make little difference, but it is an actual benefit.
NuXCOM_90Percent@lemmy.zip 5 days ago
pathief@lemmy.world 5 days ago
The problem is that I have not yet met a single human who enables a bios password. An attacker can simply boot the bios and disable it.
cadekat@pawb.social 5 days ago
Hi, I’m cadekat, and I have a bios password and custom keys in my secure boot. Pleasure to meet you :3
pathief@lemmy.world 4 days ago
I admire you, friend!
frongt@lemmy.zip 5 days ago
No, they can’t. The BIOS prompts the user to confirm the change on reboot. If the change is not confirmed, it doesn’t happen.
NuXCOM_90Percent@lemmy.zip 5 days ago
First, Yo. Doesn’t even need to be a good password.
Second, what you are describing is something very different. Outside of very rare situations (most of which theoretical or specifically targeting a specific system by a state level actor), to be able to “boot the bios and disable it” would generally mean the machine is already VERY compromised or the bad actor has physical access to the machine.
A good way of thinking of it is that secure boot isn’t the lock on the door. It is the peephole that you look through to make sure that the person with your pizzas is from Georgio’s AND you actually ordered pizza. Rather than just opening the door because “Yo, free food”.
On its own? It doesn’t do much. But it goes a LONG way towards improving security when combined with other tools/practices.
WEFshill202@lemmy.world 5 days ago
The fuck is ea doing here though, overreaching like Mastercard. My machine is machine.