On 03/31/2017 10:45 PM, cooloutac wrote:
On Friday, March 31, 2017 at 4:20:09 PM UTC-4, Vít Šesták wrote:
Thanks for your responses. p
In this thread, I'd like to discuss how much can it help (i.e., how hard is it
to bypass).
On self-encrypting devices: I generally don't trust those implementations to be
well-reviewed and well-designed, so SED is not a use case for me.
Regards,
Vít Šesták 'v6ak'
I think secure boot would make it better, but maybe a controversial thing to
say. I don't know much about this subject myself, but I don't think it
actually stops anything. Just lets you know if something has changed. Like a
file integrity program kind of.
And if something does change there is no fix so you will have to replace all
the hardware. (If thats something you're willing to do).
You can also do other things like nail polish on screws or crevices. photo them
before you leave it unattended... strongbox? lol
Microsoft's "Secure" boot is made for security, as in - the security of
their income stream.
So what you can't easily mess with the boot loader, well that doesn't
matter as you can still replace critical system files (verifying all
these would take too long and could cause problems)
You aren't allowed to install a new boot loader with a SB system unless
it comes with the disablement option - that's it.
It is a signing key based loader for EFI, but you can do the same thing
with a variety of FOSS boot-loaders just without supporting their bullshit.
One day you won't be allowed to install linux on "your" (theirs)
computer, already 99% of computers are not owner controlled as they were
a decade ago - and secure boot 2.0's spec removes the disablement option
mandate and 3.0 will probably be enforced with some kind of ME/PSP scheme.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/793e196f-78eb-18f4-66a9-9a3e6a0babe3%40gmx.com.
For more options, visit https://groups.google.com/d/optout.
