Comment on The creator of systemd wants your entire system validated by SecureBoot
jj4211@lemmy.world 1 week ago
The thing is, in such a case secureboot doesn’t help and is unnecessary. Secureboot only does anything for the concept of “trusted suppliers”.
If the system has available signing keys for itself, well, hypothetical malware could sign itself using those same keys. The OS security mechanisms are the only things protecting that, in which case the signature validation is redundant.
You can have trusted boot, e.g. LUKS volume sealed to TPM PCRs, but secureboot just doesn’t make sense as a mechanism for a user to only trust themselves.
nyan@lemmy.cafe 1 week ago
Thing is, that means you don’t really own the hardware that you buy, because a corporation is dictating what you can do with it even though it doesn’t belong to them. Most of us consider that unacceptable.