this post was submitted on 25 Jul 2024
315 points (99.1% liked)

Technology

59534 readers
3209 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] pastermil@sh.itjust.works 33 points 3 months ago (2 children)

What is Secure Boot actually good for? Serious question.

[–] thearch@sh.itjust.works 35 points 3 months ago (1 children)

It's supposed to prevent unsigned files from being loaded by the UEFI (AFAIK) which could possibly help with rootkits, if it doesn't somehow sign itself. However, these are pretty rare if you don't allow sketchy software to access your boot partition, and will often cause issues with non major Linux distros.

[–] bruhduh@lemmy.world 9 points 3 months ago* (last edited 3 months ago) (2 children)

I had dell pc refuse to boot Linux mint because of secure boot

[–] nul9o9@lemmy.world 6 points 3 months ago

I've been wary of secure boot and pluton chips for this reason.

[–] Emerald@lemmy.world -1 points 3 months ago (1 children)

Then you haven't set it up right

[–] bruhduh@lemmy.world 4 points 3 months ago (2 children)

Nah man, it didn't even allowed to boot iso from ventoy until i disabled secure boot

[–] SSJMarx@lemm.ee 2 points 3 months ago (1 children)

With Debian I think I was able to load the appropriate keys after installing the OS and then re-enable secureboot in the bios. Might be worth checking into.

[–] Emerald@lemmy.world 1 points 3 months ago

I just don't bother with secure boot as its not in my threat model. I turn it off

[–] Emerald@lemmy.world 1 points 3 months ago (1 children)

Well of course, thats the setup. Disabling secure boot. If it didn't stop you from booting a third party OS without you toggling that BIOS option, then the security feature would be pointless.

[–] bruhduh@lemmy.world 1 points 3 months ago (1 children)

Imagine if in the future that option becomes untouchable

[–] Emerald@lemmy.world 1 points 3 months ago

Then it would be an issue and I would not suggest anyone buy those machines

[–] TexMexBazooka@lemm.ee 10 points 3 months ago

Speaking from my background, it prevents someone from trying to boot using an external device to access your system, assuming you have a BIOS password in place.

Of course encrypting your drive works just as well, but security in depth demands a “why not both?” Approach