"If you can turn off secure boot with a couple of clicks how is it secure" is a question I got asked today that I did not have a good answer for.
-
I know the theory, I get it, but when you watch an absolute nonspecialist, wholly new to Linux or installing an OS at all encounter secureboot for the first time, and what they learn is "this is an obstacle to me doing something I want with my computer, but I can turn it off with three clicks", a reasonable person might reasonably conclude that this might be some bullshit that isn't protecting anyone from anything real.
@mhoye and they would be right
-
@suetanvil @mhoye it can also be used as defense against 'abusive spouse/parent covertly installs stalkerware on their victim' but none of the implementations care about this sort of threat of course. (so many chip datasheets only talk about preventing readout and modification of 'intellectual property', lmao)
in non-embedded computers, secure boot is often meant to be used in conjunction with the TPM. disabling secure boot would change the PCR measurements, and thus render (for example) the disk encryption keys inaccessible
This (in-home abuse) is a legitimate use case but even then, it's pretty unlikely for an abuser to know how to install a compromised kernel but not (e.g.) a physical keylogger or a hidden camera pointed at the keyboard.
TPM is for CEO LARPers, because *of course* it is.
(For abuse, you want something that's hidden AND encrypted AND deniable. E.g. local VM images that you use for schoolwork but are easy to accidentally set to encrypted.)
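The point made above about PCR measurements, as an added example that is not part of any post in this thread: a simplified Python model of TPM PCR extension showing why a key sealed while Secure Boot is on is not released after it is switched off. The event strings, the `SealedKey` class and the key value are constructed for illustration; a real TPM enforces this in hardware through a policy digest, not a Python comparison.

```python
import hashlib
import hmac

PCR_INIT = bytes(32)  # a SHA-256 PCR starts at all zeros after reset

def extend(pcr: bytes, event: bytes) -> bytes:
    """TPM extend operation: new = SHA256(old || SHA256(event))."""
    return hashlib.sha256(pcr + hashlib.sha256(event).digest()).digest()

def measure_boot(secure_boot_enabled: bool) -> bytes:
    """Replay a constructed, simplified event log into one PCR.

    Firmware measures the Secure Boot state and key databases into
    PCR 7; the event contents here are placeholders, not real data.
    """
    events = [
        b"SecureBoot=" + (b"\x01" if secure_boot_enabled else b"\x00"),
        b"PK=<constructed placeholder>",
        b"KEK=<constructed placeholder>",
        b"db=<constructed placeholder>",
    ]
    pcr = PCR_INIT
    for event in events:
        pcr = extend(pcr, event)
    return pcr

class SealedKey:
    """Toy stand-in (assumption) for a TPM blob bound to a PCR value."""

    def __init__(self, secret: bytes, pcr_at_seal: bytes):
        self._secret = secret
        self._policy = pcr_at_seal  # PCR value recorded at seal time

    def unseal(self, current_pcr: bytes) -> bytes:
        if not hmac.compare_digest(self._policy, current_pcr):
            raise PermissionError("PCR mismatch: key not released")
        return self._secret

def try_unlock(sealed: SealedKey, secure_boot_enabled: bool):
    """Return the key if this boot's measurements match, else None."""
    try:
        return sealed.unseal(measure_boot(secure_boot_enabled))
    except PermissionError:
        return None

if __name__ == "__main__":
    sealed = SealedKey(b"constructed-disk-key", measure_boot(True))
    print("secure boot on :", try_unlock(sealed, True))
    print("secure boot off:", try_unlock(sealed, False))
```

Because each extend hashes the previous PCR value, one changed event early in the log changes the final value, and nothing later in the boot can set the PCR back.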
-
@mhoye that's a reasonable question, but there is a common parallel: freezing one's own credit at your bank. It's an undoable action, but the step of unfreezing it requires a bit of extra verification. Same thing with secure boot, in theory.
But at this point I think it's pretty clear that Secure Boot as a technology has done exactly what the critics have said since its original proposal: it offers a modest theoretical security increase but delivers a huge vendor lock-in tool. Net negative.
-
@mhoye in the most positive light Secure Boot offers to a very small subset of computer users, who have the technical wherewithal and the disposable free time to understand the security trade-offs and the mechanisms offered by the tool, an increment of extra security against system compromise by... software which those same people have the skills and time to evaluate critically? Attackers with physical system access, who somehow don't want to use that access to just rob the place?
-
@gnomon Yeah. Couple that with the part where SecureBoot keys keep leaking out, and the only real utility of Secure Boot for anyone outside of a Mission Impossible Movie Scenario is to spook people into not replacing Windows.