[conspire] (forw) Re: [Felton LUG] Oh boy, this doesn't look good...

[Rick Moen]

Quoting Ruben Safir (ruben at mrbrklyn.com):

> Yeah, I don't want that.  I want the root user to be able to touch
> anything.

Even if you did, this is basically just a clickbait article, like just
about every article about security, and especially about Linux security,
in a general-IT Web site or magazine.


> I consider Sercure Boot a vulnerabilitly by design

You're entitled to your wrong view.  `;->

Crypto-signing and vetting the bootchain at startup time is an obvious
win, per se, and I think the reasons are so self-evident that I'm not
going to waste time detailing them.

It would be for obvious reasons a great deal better if anyone were to be
able to wield the signing keys for UEFI Secure Boot instead of just
Microsoft Corporation (so that is irksome).  That having been said,
there are already-signed bootloaders that one can use where someone
already got MSFT to sign it, and that's the case with Linux
Foundation's, for example.