Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
shawnz 4 days ago

If the manufacturer wanted to conduct a supply chain attack on you, they wouldn't need secure boot to do it. They could just design an implant of their own using proprietary technology.

So why does the presence of secure boot as a user-controlled feature affect that risk calculation?

immibis 3 days ago | parent [-]

Because manufacturers aren't trying to add surreptitious implants. They're trying to prevent you installing operating systems other than the one they get a bulk discount if they force you to have.

shawnz 3 days ago | parent | next [-]

Whatever the intent, the point stands: why would they need secure boot to do that? They could just do it with proprietary controls. So how does the existence of secure boot as a user-controlled feature affect that risk?

immibis 3 days ago | parent [-]

The specific proprietary controls you're referring to are called "secure boot".

shawnz 3 days ago | parent [-]

I think that is a uselessly reductive interpretation of what secure boot is because you could apply the same logic to any security technology. Why should we allow login passwords or user permissions or disk encryption, since those could be used as lock-out technologies by manufacturers, if they just ship them with defaults you can't control?

Manufacturers don't need any user-facing standardized controls to implement lockouts. So the possibility of a feature being used as a lockout shouldn't be a justification for taking away the option of having a user-controlled security feature. Taking it away from users isn't going to stop manufacturers from doing it anyway with proprietary technologies instead.

immibis 2 days ago | parent [-]

Because manufacturers do use secure boot to prevent you changing your OS and don't use fingerprint recognition to prevent you selling your device to someone else. If they did the latter, that would also be bad, but they don't.

bigfatkitten 2 days ago | parent | prev [-]

They aren't doing that either. It's a tiresome point of FUD that comes up in every thread on secure boot.