dark-star 3 hours ago

You can always either disable Secure Boot and driver signature verification, or (the better solution) just enroll your own certificate in your TPM and sign the driver with that...

askonomm 3 hours ago | parent | next [-]

Ah, yes, the [insert super inconvenient and complex thing to do that most people don’t know, want or should do] will solve it! And when that fails, surely the user can just write their own OS, right? Bunch of skill-issued complainers we the users are.

falcor84 2 hours ago | parent | next [-]

Well, the hope was always that those of us inconvenienced by M$ would all collectively contribute to making Linux distros more convenient for everyone. But we can't ever seem to get inconvenienced enough to actually sufficiently mobilize and/or coordinate such an effort.

weaksauce an hour ago | parent [-]

It does seem like Linux is having its moment right now. There's the money and effort Valve is putting into KDE making the Steam Deck and Steam Machine polished for their hardware, which helps all users of KDE. CachyOS is making having a rolling distro really smooth and snappy on old hardware and making games work mostly ootb. Stuff like WinBoat and Wine will let you use the few Windows apps you need. You are kinda stuck though if you want to use something like Fusion 360 or SolidWorks. FreeCAD has improved quite a bit but it's still like GIMP where it's slightly worse UX in a lot of ways.

dark-star an hour ago | parent | prev [-]

I mean, the super-easy option would be to just use BitLocker for FDE. No hassles, just works. But I figured since everyone here on HN hates MS I wouldn't even bring that up. Don't trust MS? Enroll your own keys

rstat1 17 minutes ago | parent [-]

Yes, use BitLocker, the thing that uploads the encryption key to OneDrive "for convenience", thereby negating the whole point of FDE in the first place.

malfist 3 hours ago | parent | prev | next [-]

> or (the better solution) just enroll your own certificate in your TPM and sign the driver with that...

I'll tell Grandma that's what she needs to do.

pixel_popping 3 hours ago | parent | next [-]

Make sure that she sets up a PKI infrastructure to manage certificate revocation as well, wouldn't want a bad grandson to mess with it.

p_ing 2 hours ago | parent | prev | next [-]

Why would you put Grandma on VeraCrypt in the first place? It's the more 'difficult' option for FDE.

unethical_ban 21 minutes ago | parent [-]

What's easier, and bitlocker doesn't count. I want my FDE to be based on a password or a keyfile, not simply by some code in the motherboard. I want it encrypted until I, the operator, provide some data to unlock.

In my limited experience with bitlocker, the disk is decryptable automatically as long as it's in the original motherboard.

p_ing 16 minutes ago | parent [-]

> and bitlocker doesn't count.

Wat? Bitlocker is the answer to your question.

> In my limited experience with bitlocker, the disk is decryptable automatically as long as it's in the original motherboard.

It's unlocked (not decrypted) when the OS boots, yes. You can optionally enforce (not on Home) other unlock methods, such as PIN before the OS boots.

> I want my FDE to be based on a password or a keyfile, not simply by some code in the motherboard.

That's less secure than TPM.

dark-star an hour ago | parent | prev [-]

Your grandma is probably fine with BitLocker....

ntoskrnl_exe 3 hours ago | parent | prev [-]

And they say Linux is inconvenient because you have to open the terminal every once in a while.