Speaking from my background, it prevents someone from trying to boot using an external device to access your system, assuming you have a BIOS password in place.
Of course encrypting your drive works just as well, but security in depth demands a “why not both?” Approach
thearch@sh.itjust.works 1 month ago
It’s supposed to prevent unsigned files from being loaded by the UEFI (AFAIK) which could possibly help with rootkits, if it doesn’t somehow sign itself. However, these are pretty rare if you don’t allow sketchy software to access your boot partition, and will often cause issues with non major Linux distros.
bruhduh@lemmy.world 1 month ago
Linux mint is non major? I had dell pc refuse to boot Linux mint because of secure boot
nul9o9@lemmy.world 1 month ago
I’ve been wary of secure boot and pluton chips for this reason.
Emerald@lemmy.world 1 month ago
Then you haven’t set it up right
bruhduh@lemmy.world 1 month ago
Nah man, it didn’t even allowed to boot iso from ventoy until i disabled secure boot