Secure Boot is a stupid Microsoft-controlled project to eventually
remove the ability for commercial PCs to run non-Windows operating systems.
SB 1.0 specs mandate owner control (an option to shut it off); SB 2.0
doesn't, and PCs built to that spec, such as the Windows 10 ARM PCs and
MS's "signature series" PCs, prevent you from installing non-Microsoft
operating systems.
"Secure" boot is simply a marketing name for kernel code signing; you
can easily do this with coreboot and a GRUB payload (GRUB supports
kernel signing).
SB doesn't stop viruses, as that wasn't what it was designed to do;
preventing rootkits from modding the kernel is irrelevant, as you can
simply change another critical system file, of which there are
many on Windows.
Kernel code signing is only useful in an AEM context with an encrypted
filesystem but unencrypted kernels.
I myself have a variety of owner-controlled, fully libre firmware devices
such as the KGPE-D16 and KCMA-D8 ASUS motherboards; those two are the
only ones that offer full libre functionality along with high
performance. They also run Qubes great; having 32 cores and 128GB RAM
is excellent for it.
Please note these are the only owner-controlled devices that support
v4.0 (Purism isn't owner-controlled, and their firmware isn't and can't
ever be open source).
Another neat feature is an add-on, user-configurable CRTM TPM module (very
rare).
As always I offer free tech support for libre motherboards if you wish
to buy one.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.