Re: On the uses of secure boot [was: Debian live boot corrupting secure boot]
On 2023-09-29, <tomas@tuxteam.de> <tomas@tuxteam.de> wrote:
>
>
> On Fri, Sep 29, 2023 at 10:50:37AM +0100, Steve McIntyre wrote:
>> Stefan wrote:
>> >> With outdated keys secure boot does not protect you.
>> >
>> >Just to clarify: in 99.99% of the cases, SecureBoot does not protect you
>> >(and is not designed to protect you either).
>> Sigh. Lose the misinformation crap, please. It's getting tedious.
> He-said-she-said.
>
https://wiki.debian.org/SteveMcIntyre
Steve McIntyre
Steve has been a DD since October 1996 and was Debian Project Leader from
April 2008 to April 2010.
He maintains quite a few packages, but is normally most active doing DebianCd
or DebianInstaller or UEFI work. He's also an admin for this wiki!
https://wiki.debian.org/SecureBoot#What_is_UEFI_Secure_Boot.3F
What is UEFI Secure Boot NOT?
UEFI Secure Boot is not an attempt by Microsoft to lock Linux out of the PC
market here; SB is a security measure to protect against malware during early
system boot. Microsoft act as a Certification Authority (CA) for SB, and they
will sign programs on behalf of other trusted organisations so that their
programs will also run. There are certain identification requirements that
organisations have to meet here, and code has to be audited for safety. But
these are not too difficult to achieve.
SB is also not meant to lock users out of controlling their own systems. Users
can enroll extra keys into the system, allowing them to sign programs for their
own systems. Many SB-enabled systems also allow users to remove the
platform-provided keys altogether, forcing the firmware to only trust
user-signed binaries.
Get a life (or change those wikis to reflect *your* truth)!
Reply to: