| ▲ | mjg59 5 days ago | |||||||
The rollover coincides with stronger security policies for signed objects (enforcing code being read-only, that kind of thing) and people with stronger security requirements can remove trust in the old certificate to enforce that. Code has bugs. There's any number of critical vulnerabilities in Linux, Windows, MacOS that have allowed bypass of all security features - does that mean all security features remain security theatre? | ||||||||
| ▲ | ploxiln 4 days ago | parent [-] | |||||||
Most security features are, yeah. The cost in terms of freedom/flexibility and reliability/longevity is very high. But we're told, this is necessary, it's the only way to guarantee the security of the poor user. But if in practice the security wasn't actually guaranteed, for most motherboards over most years, due to pretty big dumb oversights ... was it worth the extreme costs? The cost of losing compatibility with older or newer software/hardware, of losing convenient repairs and recovery? Nope. You sold your soul for "guaranteed security" of securing the entire boot and runtime from the lowest level hardware up ... and didn't really get it anyway. | ||||||||
| ||||||||