this post was submitted on 25 Jul 2024
316 points (99.4% liked)

[–] [email protected] 8 points 2 months ago (3 children)

I heard that Linux users don't really like Secure Boot

[–] [email protected] 11 points 2 months ago (1 children)

They don't like it because it's mostly implemented in Microsoft's favor. It's shipped with Microsoft keys by default and needs to be disabled to boot a lot of Linux distros. If there was a more unbiased way to load a new OS, like a default key setup routine at first boot or a preinstalled key for major Linux distros, they wouldn't be so hostile towards Secure Boot. The technology isn't bad and it's the only way to not have somebody tamper with your system at rest without TPM.

[–] [email protected] 2 points 2 months ago* (last edited 2 months ago)

I agree, and it makes sense

[–] [email protected] 18 points 2 months ago (1 children)

I don't speak for all Linux users, but it's not like we don't like the tech or the concept... We don't like it because a lot of the time it's just another way for Microsoft to throw around their weight, you need a valid key to sign your kernel images with to be able to boot another OS instead of Windows, and some motherboards don't support installing your own keys as trusted keys. But usually there are ways around that issue nowadays.

And also it's not an easy process if you're not an advanced user of sorts. You have to know what is entailed, what to use, where to store your keys safely, have a script to re-sign the kernel image every kernel update (which happens every week on something like Arch), etc.
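One way to write the re-signing script the comment above mentions, added here as an example and not part of the original thread. It uses `sbverify` and `sbsign` from sbsigntools; the key and certificate paths are assumed placeholders for a key you have already enrolled in firmware.

```shell
#!/bin/sh
# Added example: re-sign kernel images after a kernel update.
# Assumed placeholder paths; keep the private key root-only (mode 0600).
KEY="${SB_KEY:-/etc/secureboot/db.key}"
CERT="${SB_CERT:-/etc/secureboot/db.crt}"
# Tool names are overridable so the logic can be exercised without sbsigntools.
SBVERIFY="${SBVERIFY:-sbverify}"
SBSIGN="${SBSIGN:-sbsign}"

# resign_image IMAGE
# Signs IMAGE in place unless it already verifies against CERT.
# Returns 0 if the image ends up signed, 1 on signing failure, 2 if missing.
resign_image() {
    img="$1"
    [ -f "$img" ] || { echo "skip: $img not found" >&2; return 2; }
    # Already signed with our key: nothing to do (keeps the hook idempotent).
    if "$SBVERIFY" --cert "$CERT" "$img" >/dev/null 2>&1; then
        echo "ok: $img already signed"
        return 0
    fi
    # Sign to a temp file, verify it, and only then replace the original,
    # so a failed run never leaves a half-written kernel on the boot partition.
    tmp="$img.signed.$$"
    if "$SBSIGN" --key "$KEY" --cert "$CERT" --output "$tmp" "$img" >/dev/null 2>&1 \
        && "$SBVERIFY" --cert "$CERT" "$tmp" >/dev/null 2>&1; then
        mv -f "$tmp" "$img"
        echo "signed: $img"
        return 0
    fi
    rm -f "$tmp"
    echo "FAILED: $img left unsigned" >&2
    return 1
}

# resign_all IMAGE... ; non-zero exit if any image could not be signed,
# so a package-manager hook that calls this can surface the failure.
resign_all() {
    rc=0
    for i in "$@"; do
        resign_image "$i" || rc=1
    done
    return $rc
}
```

Call `resign_all` with your kernel image paths from whatever post-update hook your distribution's package manager provides.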

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago)

ngl I got Fedora Secure Boot working with Microsoft UEFI keys, it required some tinkering

[–] [email protected] -2 points 2 months ago (1 children)

Which is dumb. Secure Boot does make sense (if handled correctly, unlike here).

[–] [email protected] 1 points 2 months ago* (last edited 2 months ago)
[–] [email protected] 10 points 2 months ago

Clearly, the solution is to just abandon all ~~hope~~ higher level abstraction. Pedal to the metal with Assembly (and maybe LISP and Forth) straight from boot

[–] [email protected] 33 points 2 months ago (2 children)

What is Secure Boot actually good for? Serious question.

[–] [email protected] 10 points 2 months ago

Speaking from my background, it prevents someone from trying to boot using an external device to access your system, assuming you have a BIOS password in place.

Of course encrypting your drive works just as well, but security in depth demands a “why not both?” approach.

[–] [email protected] 35 points 2 months ago (1 children)

It's supposed to prevent unsigned files from being loaded by the UEFI (AFAIK), which could possibly help with rootkits, if it doesn't somehow sign itself. However, these are pretty rare if you don't allow sketchy software to access your boot partition, and will often cause issues with non-major Linux distros.

[–] [email protected] 9 points 2 months ago* (last edited 2 months ago) (2 children)

I had a Dell PC refuse to boot Linux Mint because of Secure Boot

[–] [email protected] -1 points 2 months ago (1 children)

Then you haven't set it up right

[–] [email protected] 4 points 2 months ago (2 children)

Nah man, it didn't even allow booting an ISO from Ventoy until I disabled Secure Boot

[–] [email protected] 1 points 2 months ago (1 children)

Well of course, that's the setup. Disabling Secure Boot. If it didn't stop you from booting a third party OS without you toggling that BIOS option, then the security feature would be pointless.

[–] [email protected] 1 points 2 months ago (1 children)

Imagine if in the future that option becomes untouchable

[–] [email protected] 1 points 2 months ago

Then it would be an issue and I would not suggest anyone buy those machines

[–] [email protected] 6 points 2 months ago

I've been wary of secure boot and pluton chips for this reason.
