• @[email protected]
    link
    fedilink
    English
    334 months ago

    What is Secure Boot actually good for? Serious question.

    • @[email protected]
      link
      fedilink
      English
      354 months ago

      It’s supposed to prevent unsigned files from being loaded by the UEFI (AFAIK) which could possibly help with rootkits, if it doesn’t somehow sign itself. However, these are pretty rare if you don’t allow sketchy software to access your boot partition, and will often cause issues with non major Linux distros.

      • bruhduh
        link
        English
        9
        edit-2
        4 months ago

        I had dell pc refuse to boot Linux mint because of secure boot

        • @nul9o9
          link
          English
          63 months ago

          I’ve been wary of secure boot and pluton chips for this reason.

        • @Emerald
          link
          English
          -13 months ago

          Then you haven’t set it up right

          • bruhduh
            link
            English
            43 months ago

            Nah man, it didn’t even allowed to boot iso from ventoy until i disabled secure boot

              • @Emerald
                link
                English
                13 months ago

                I just don’t bother with secure boot as its not in my threat model. I turn it off

            • @Emerald
              link
              English
              13 months ago

              Well of course, thats the setup. Disabling secure boot. If it didn’t stop you from booting a third party OS without you toggling that BIOS option, then the security feature would be pointless.

              • bruhduh
                link
                English
                13 months ago

                Imagine if in the future that option becomes untouchable

                • @Emerald
                  link
                  English
                  13 months ago

                  Then it would be an issue and I would not suggest anyone buy those machines

    • @[email protected]
      link
      fedilink
      English
      103 months ago

      Speaking from my background, it prevents someone from trying to boot using an external device to access your system, assuming you have a BIOS password in place.

      Of course encrypting your drive works just as well, but security in depth demands a “why not both?” Approach