AshamedCaptain 7 hours ago

Or just show a prompt the first time you try to boot something with a signature that is not recognized, like what a million slightly-less-consumer-hostile appliances out there do. This _adds_ convenience to the user, and it is hardly a regression in security.

kbolino 5 hours ago | parent

If there is no pre-existing trusted root, the certificate presented is meaningless to laypeople. There's no way for the average person to know whether to press yes or no to it, as they're not about to check the SHA256 fingerprint against some obscure web page they have to access from another device. Nobody gets official media anymore; everything is burned, flashed, or second hand. Self-signed is no better than unsigned if you don't know how or don't bother to check.

Just to be clear, I'm not saying you shouldn't be able to boot something you trust on a device you own, just that it's completely reasonable to have Microsoft's certificate preloaded.

AshamedCaptain 3 hours ago | parent

This is as ridiculous as it gets -- so malicious Linux install media is the problem you want to defend against? When has this _ever_ been a problem? And more importantly -- why is this ridiculous problem so important the solution must be giving MS even more monopoly abusing powers?

People may use pendrives, but even if they literally google "Linux install" and click on the first result, they are getting the media from the correct website. One could even claim it is in practice a better situation than getting it from a random, even if reputable, magazine, as was common 20 years ago.

The certificate is not meaningless; it still identifies the same publisher. E.g. if you already trusted Suse once, you do not get the same prompt again.

If you really cannot reliably identify the contents of your install media for the very first installation, what do you want to do here? And why is Windows having the advantage even improving the situation at all? With no dbx, you have a myriad of exploitable Windows versions ready to be used in your 'compromised' Windows install media. And due to the draconianness of the secure boot lockdown, most Linux users will either disable secure boot entirely, add the MS UEFI CA (with the extra bazillion now non-MS backdoors that entails), or roll their own PK/MOK. In all 3 cases, your compromised install media 'wins' and secure boot has been useless. These are not dumb users precisely...

As usual with secure boot, the threat vectors it 'defends' against are very farfetched, made redundant with a plenitude of easier attack vectors that secure boot will not protect against, and anyway whatever protection SB may give is defeated entirely by comically easy methods (e.g. using a legit Windows install media to simply boot the PC with your fake fullscreen Windows install/logon dialog while you clone the BitLocker encrypted disk. Bonus points if you use that same computer's recovery partition instead of external install media, which was still an unpatched hole just a couple years ago) precisely because SB basically defaults to "trust anything from MS" instead of trusting only what the user wants it to trust. It also happens that MS not only benefits significantly from this current implementation but also has repeatedly used it to push other OSes away.
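The trust model argued over in this thread (a preloaded db root, a dbx revocation list, and a remember-the-publisher prompt on first sight) as an added toy policy evaluator; this is illustration code, not part of the thread and not any firmware's or shim's implementation. Image bytes and certificate bytes are constructed stand-ins, and a certificate is represented only by its SHA256 fingerprint, so no real signature verification happens here.

```python
import hashlib
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Image:
    """Constructed stand-in for a signed boot image."""
    data: bytes
    signer_fingerprint: str  # hex SHA256 of the signing certificate (assumption)


@dataclass
class BootPolicy:
    db: set = field(default_factory=set)    # preloaded trusted cert fingerprints
    dbx: set = field(default_factory=set)   # revoked image hashes (forbidden list)
    tofu: set = field(default_factory=set)  # publishers the owner accepted once

    def decide(self, img: Image) -> str:
        # 1. Revocation is checked before any form of trust: an image on the
        #    forbidden list is refused even if its signer is in db or was
        #    accepted earlier. Without a dbx this step has nothing to refuse.
        if hashlib.sha256(img.data).hexdigest() in self.dbx:
            return "deny"
        # 2. Known signer, either a preloaded root or a publisher the owner
        #    already accepted: boot without asking.
        if img.signer_fingerprint in self.db or img.signer_fingerprint in self.tofu:
            return "allow"
        # 3. Unknown signer: ask the person at the console. Whether that
        #    prompt means anything depends on whether they can check the
        #    fingerprint against something they already trust.
        return "prompt"

    def accept(self, img: Image) -> None:
        # Owner answered "yes": remember the publisher, not just this image,
        # so a later image from the same signer boots without a new prompt.
        self.tofu.add(img.signer_fingerprint)


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA256 fingerprint of a (constructed) DER certificate blob."""
    return hashlib.sha256(cert_der).hexdigest()
```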