> I don't get how this is suppose to fix/secure anything. If it > ultimately loads grub2 where is the security benefit? The infection > point just changes.
It loads a restricted grub2 which cannot load its modules and which loads only signed kernels. So it is theoretically secure. The only "problem" would be a bug in one of many complex signed programs or the firmware used allowing changing it.
pgpw1EsfkCCAp.pgp
Description: PGP signature
