greatgib 17 hours ago

To start with, the security of "secure boot" there is a joke because all OSes have to be signed by Microsoft itself anyway. So anyone with their certificate key can do whatever they want.

And btw, not that long ago it was revealed by researchers that more than 200 platforms from diverse but major laptop and server manufacturers were still using leaked keys for signing their boot loaders...

donnachangstein 16 hours ago | parent | next

> the security of "secure boot" there is a joke because all OSes have to be signed by Microsoft itself anyway.

Is Apple a joke because they sign the root of trust for their devices? Someone has to be the root authority. Honestly I trust MS more than I do Google or Verisign/DigiCert. They are the least likely to intentionally break things.

The reason MS controls the root and not Red Hat etc. is because the Linux camp spent years arguing back and forth about exactly how much they hate secure boot - like an HOA arguing over paint colors - instead of presenting solutions.

> So anyone with their certificate key can do whatever they want.

This is literally how PKI works.

Somehow I think MS put a little more thought into their PKI design than whatever you're trying to convey here. What were the other options? Store it on a Yubikey sewn into rms's beard?

People are quick to dismiss secure boot simply because they refuse to understand it.

rcxdude 16 hours ago | parent | next

>Someone has to be the root authority

No-one has to be, and it certainly doesn't need to be anyone but the owner of the machine.

donnachangstein 16 hours ago | parent | next

> No-one has to be, and it certainly doesn't need to be anyone but the owner of the machine.

Technically the web should work with self-signed certificates. But that is likewise impractical.

kbolino 10 hours ago | parent | prev

You can enroll your own certificates as long as you have unlocked firmware. However, in order for vendor ISOs to boot without modification, they need to be signed by some trusted root beyond your control.

AshamedCaptain 3 hours ago | parent

Not really? The entire use model could be "just show a prompt on first use", which MS is literally trying to kill, because, oh, it just so happens the status quo basically benefits them and nobody else.

kbolino 3 hours ago | parent

I'm not sure what's being complained about here. Most PCs (still) come with Windows, so "first use" will have occurred before you obtained the computer. A motherboard bought separately usually comes unlocked so you can remove the Microsoft certificate if you don't want to trust it anymore. If you're saying that unlocked parts bought individually should not come with any certificates trusted out of the box, I don't necessarily disagree, but this would be a regression in security and convenience for the average user, so it's unlikely to be adopted.

AshamedCaptain an hour ago | parent

Or just show a prompt the first time you try to boot something with a signature that is not recognized, like what a million slightly-less-consumer-hostile appliances out there do. This _adds_ convenience for the user, and it is hardly a regression in security.

kbolino 4 minutes ago | parent

If there is no pre-existing trusted root, the certificate presented is meaningless. There's no way for the average person to know whether to press yes or no to it, as they're not about to check the SHA256 signature against some obscure web page they have to access from another device. Nobody gets official media anymore, so everything is burned, flashed, or second hand. Self-signed is no better than unsigned if you don't know how or don't bother to check.

fuzzfactor 8 hours ago | parent | prev | next

All evidence has always pointed to the purpose of Microsoft SecureBoot being introduced primarily as an obstacle to continued use of Windows 7 as well as Linux on PC's going forward when Windows 8 PC's were released.

Not like there's any question.

Overwhelmingly more so than for "security" purposes.

Any lesser understanding of Microsoft SecureBoot, well, I understand.

I've seen that kind of refusal before.

greatgib 15 hours ago | parent | prev

Basically a little bit, yes. Especially for an entity located in the US and with strong links to the government.

But in the case of secure boot, this is worse, because Microsoft is just a "software" vendor. Yet its root certificate, and probably a few random others, are distributed in countless devices produced by manufacturers unrelated to them, and on top of that a small number of software distributors also have subkeys so they can sign their OS/software. All of that with zero transparency.

And in the end, if I buy a Lenovo laptop to run a Linux OS on it, there is no reason, and no trust, to have my OS signed by Microsoft, which has the key to run whatever they want on my laptop. Think about it and you will see that it makes no sense at all, if you don't trust Microsoft for your OS, to have to trust them for ensuring a secure boot...

AstralStorm 14 hours ago | parent

Technically you can revoke the default root of trust and install your own.

Then manually sign your bootloader.

This feature is available at least in my Gigabyte mainboard, but is not particularly easy to use, which is why bootloaders come pre-signed with a known root of trust. There's nothing stopping the installer from generating the root of trust on the fly, except for the default settings in many machines.

You can also preload measurements for hardware while at it, so that nobody swaps a PCIe device for an evil twin.

vladvasiliu 17 hours ago | parent | prev | next

Some PCs are able to use your own keys, which can be used to sign your bootloader. This has worked well for me with various HP computers (EliteBooks and EliteDesks). One of those, which only runs Linux, will refuse to boot the Windows installer. On my work laptop, I've also added the Windows key (not the 3rd party one) so I can dual-boot.

I understand some computers may not support this as well, so YMMV.
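The two comments above (replacing the default root of trust with your own keys, and keeping only the Windows certificate rather than the Microsoft third-party one) both come down to what is stored in the PK/KEK/db/dbx variables: a concatenation of EFI_SIGNATURE_LIST structures, each holding either X.509 certificates or SHA-256 hashes. The script below is an added example, not code from this thread or from any of the tools mentioned in it. It builds a db-style blob from constructed placeholder data (the "certificate" bytes and the hashed "binaries" are made up, and the owner GUID is arbitrary) and parses it back, with the size checks you want before trusting a blob read from firmware. The signature-type GUIDs and the db variable GUID in the comments are the ones from the UEFI specification; `load_efivar` assumes Linux efivarfs, which prefixes the data with four attribute bytes.

```python
"""Build and parse EFI_SIGNATURE_LIST blobs, the format of the Secure Boot
PK/KEK/db/dbx variables. Added example, not code from the thread.
The certificate bytes and hashes below are constructed placeholders."""
import hashlib
import struct
import uuid

# Signature-type GUIDs defined by the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# SignatureOwner is chosen by whoever enrolls the entry; this one is made up.
OWNER_GUID = uuid.UUID("11111111-2222-3333-4444-555555555555")

# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize,
# SignatureHeaderSize, SignatureSize (all little-endian, 28 bytes total).
ESL_HEADER = struct.Struct("<16sIII")
OWNER_LEN = 16  # each EFI_SIGNATURE_DATA starts with a SignatureOwner GUID

# Constructed stand-ins: not a real DER certificate, not real binaries.
FAKE_CERT_DER = b"CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-X509-CERTIFICATE"
REVOKED_HASHES = [hashlib.sha256(b).digest() for b in
                  (b"constructed binary #1", b"constructed binary #2")]


def build_esl(sig_type, owner, entries):
    """Pack equal-length entries into one EFI_SIGNATURE_LIST (what
    cert-to-efi-sig-list does for a certificate)."""
    sizes = {len(e) for e in entries}
    if len(sizes) != 1:
        raise ValueError("entries in one list must be the same size")
    sig_size = OWNER_LEN + sizes.pop()
    list_size = ESL_HEADER.size + sig_size * len(entries)
    out = ESL_HEADER.pack(sig_type.bytes_le, list_size, 0, sig_size)
    for e in entries:
        out += owner.bytes_le + e
    return out


def parse_esls(blob):
    """Walk a concatenation of lists (as found in db/dbx) and return the
    entries. Raises ValueError on any size field that does not fit."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < ESL_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        t, list_size, hdr_size, sig_size = ESL_HEADER.unpack_from(blob, off)
        if list_size < ESL_HEADER.size + hdr_size or off + list_size > len(blob):
            raise ValueError("SignatureListSize does not fit the buffer")
        if sig_size <= OWNER_LEN:
            raise ValueError("SignatureSize smaller than an owner GUID")
        body = blob[off + ESL_HEADER.size + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("list body is not a multiple of SignatureSize")
        sig_type = uuid.UUID(bytes_le=t)
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + OWNER_LEN])
            data = body[i + OWNER_LEN:i + sig_size]
            if sig_type == EFI_CERT_X509_GUID:
                # Report the DER fingerprint, comparable to
                # `openssl x509 -fingerprint -sha256` on the enrolled cert.
                kind, shown = "x509", hashlib.sha256(data).hexdigest()
            elif sig_type == EFI_CERT_SHA256_GUID:
                kind, shown = "sha256", data.hex()
            else:
                kind, shown = str(sig_type), data.hex()
            entries.append({"kind": kind, "owner": str(owner), "value": shown})
        off += list_size
    return entries


def is_well_formed(blob):
    """True if every list in the blob parses with consistent sizes."""
    try:
        parse_esls(blob)
        return True
    except ValueError:
        return False


def build_demo_db():
    """A db-style variable: one X.509 list followed by one SHA-256 list."""
    return (build_esl(EFI_CERT_X509_GUID, OWNER_GUID, [FAKE_CERT_DER]) +
            build_esl(EFI_CERT_SHA256_GUID, OWNER_GUID, REVOKED_HASHES))


def load_efivar(path):
    """Read a variable from Linux efivarfs, e.g.
    /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
    (db/dbx use that GUID; PK/KEK use 8be4df61-93ca-11d2-aa0d-00e098032b8c).
    The first 4 bytes are the variable attributes, not ESL data."""
    with open(path, "rb") as f:
        return f.read()[4:]


if __name__ == "__main__":
    for e in parse_esls(build_demo_db()):
        print(e["kind"], e["owner"], e["value"])
```

Run it against `load_efivar(...)` on a machine with Secure Boot enabled to see exactly which certificates and revoked hashes the firmware currently trusts, before and after enrolling your own PK/KEK/db.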

greatgib 10 hours ago | parent | prev

Here is the article I was referring to: https://arstechnica.com/security/2024/07/secure-boot-is-comp...