Le 23/10/2017 à 11:47, Arnt Gulbrandsen a écrit :
Because I want deny people with physical access the ability to boot
unsigned bootloaders.
I am both the owner of my hardware and the person who usually has
physical access. Requiring signed boot loaders is way to transfer
rights from latter role to someone else — in my case I'd prefer to
transfer them to the former for all portable hardware, so for my next
laptop I'm going to do the MOK stuff described on this list last week.
For me the things which need to be protected are
1) the data
2) the OS, to avoid backdoors
I can't see any need to protect a motherboard against booting from
a "foreign" disk.
The only way to protect a computer from a physical hack is to lock
the door of the room where it sits, with a good old key made of iron.
Didier
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng