Comment on Windows' original Secure Boot certificates expire in June—here's what you need to do
Hirom@beehaw.org 22 hours agoWould Linux have the same issue if secure boot is enabled and the certificate expire?
Secure boot is a useful security measure. But users should have the ability to install and update certs. Some hardware (vendors) might not allow this.
h_ramus@piefed.social 22 hours ago
Gives the illusion of security without being secure. Get the drive in a separate machine and, unless encrypted, secure boot is security theatre. Windows login password is similarly useless when the drive can be accessed when attached elsewhere.
Get rid of secure boot, install a granny-safe Linux distribution like Mint and get your drive LUKS encrypted.
FreedomAdvocate@lemmy.net.au 8 hours ago
Good thing windows encrypts your disk too.
Hirom@beehaw.org 21 hours ago
You’re talking of an attacker with physical access. This can indeed defeats secure boot, but physical access defeat most computer security. In an evil maid scenario even LUKS can be defeated. An attacker with physical access can clone the drive, install a keylogger (hardware or software) and capture the passphrase the next time the machine boots.
Secure Boot can be useful to prevent malware from inserting themselves into the boot process, preventing them from elevating privilege or gaining persistence www.xda-developers.com/secure-boot/
Secure Boot isn’t perfect but it’s widely available and is an useful extra layer of protection, on top of disk encryption (eg LUKS).
h_ramus@piefed.social 19 hours ago
I can’t take any Microsoft attempt at security seriously. One of the most important elements to improve security is to delete windows. Secure boot is lots of things but not secure.
FreedomAdvocate@lemmy.net.au 8 hours ago
These are all basically “if your machine is always compromised, they can also get around these other security measures” type exploits though, which are irrelevant.