LooseMarmoset 2 hours ago
Secure boot is designed to verify software signatures. The UEFI bios might support loading software over https, but it isn't part of secure boot. Secure boot would verify any kernels/etc loaded from https.

RulerOf 2 hours ago
That was the point as I read it. Payload signature verification is a good and sometimes desirable alternative to transport encryption when the payload itself isn't secret. Highly-cacheable resources like game and OS updates are often intentionally delivered over http as signed payloads to facilitate middlebox caching.

naturalmovement an hour ago
> Secure boot is designed to verify software signatures

aka integrity. HTTPS is a useless gesture here, adding complexity to critical software that needs to be as simple and auditable as possible. Confidentiality is essentially unimportant to anyone but the most autistic of by-the-book nerds. It buys you nothing in a practical sense. Most netbooting happens over closed networks anyway.