this post was submitted on 14 Jan 2025
399 points (98.5% liked)
Technology
60578 readers
3640 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
No. Once you strip away all the rhetoric, the purpose of a locked boot system is control (over who or what can boot the system).
Current secure boot implementations are like a door lock installed by someone else, which you are not allowed to replace and that may or may not allow you to cut your own duplicate keys for it. You have no control whatsoever over who the people who installed the lock may have given keys to, and if it turns out that the lock has a fundamental design flaw that means it can't do its job properly, well, sucks to be you. You can't even guarantee that the lock won't morph into a new shape randomly or under the control of the installer, invalidating your existing keys in the process.
Rooting a device is a tradeoff. An unreliable door lock that you don't entirely control may be better than none, but if you know you're leaving the door unlocked, you also know you need to take other precautions to safeguard what's inside (or simply not leave anything of value there in the first place).
The ideal would be a locked boot system that is installed by the user and is fully under their control, but I have yet to encounter one.
https://libreboot.org/docs/linux/grub_hardening.html