@mjg59 @dalias Secure Boot is neither a security feature nor a DRM feature. It's a poorly implemented feature that we all have to live with as a means of interoperability with Windows PCs.
Neal Gompa (ニール・ゴンパ) :fedora: (conan_kudo@fosstodon.org)'s status on Thursday, 22-Aug-2024 12:35:15 JST
Neal Gompa (ニール・ゴンパ) :fedora: (conan_kudo@fosstodon.org)'s status on Thursday, 22-Aug-2024 12:35:16 JST:
@mjg59 @dalias Well, sometimes. I have encountered computers that don't have that ability. Some Lenovo x86 ones and some early WoA machines don't have it. I don't know about current WoA machines, but I know that it is not required to offer the ability to switch off secure boot on either x86 or aarch64.
Matthew Garrett (mjg59@nondeterministic.computer)'s status on Thursday, 22-Aug-2024 12:35:18 JST:
@dalias @Conan_Kudo A right you have - either disable secure boot in the firmware or via mok and boot anything
Rich Felker (dalias@hachyderm.io)'s status on Thursday, 22-Aug-2024 12:35:19 JST:
@mjg59 @Conan_Kudo It's "DRM" in the sense of managing what rights you have (to run the OS you want) on your own computer.
Rich Felker (dalias@hachyderm.io)'s status on Thursday, 22-Aug-2024 12:35:21 JST:
@mjg59 @Conan_Kudo It's not insecure code. It's not on a security boundary, just a DRM boundary.
Matthew Garrett (mjg59@nondeterministic.computer)'s status on Thursday, 22-Aug-2024 12:35:21 JST:
@dalias @Conan_Kudo Weird that it happily loads a kernel that doesn't implement any DRM
Neal Gompa (ニール・ゴンパ) :fedora: (conan_kudo@fosstodon.org)'s status on Thursday, 22-Aug-2024 12:35:24 JST:
@mjg59 Honestly, that's not really a good excuse. It's basically never okay to break someone's systems for any reason. And at least from the Linux side, I know for a fact that several distributions struggled to get updated shims from Microsoft since that CVE, so the damage is considerably worse. For example, Fedora and CentOS Stream both didn't get an updated shim until Fedora 40, after well over a year of needing an updated shim to deal with revocations.
Matthew Garrett (mjg59@nondeterministic.computer)'s status on Thursday, 22-Aug-2024 12:35:24 JST:
@Conan_Kudo It's not a good excuse! But nor is shipping insecure code!
Matthew Garrett (mjg59@nondeterministic.computer)'s status on Thursday, 22-Aug-2024 12:35:26 JST:
Microsoft breaking a bunch of dual-boot systems by revoking insecure versions of grub during a standard Windows update is, uh, not great and was not supposed to happen, but it's worth mentioning that systems broken by this were running known insecure bootloaders and anyone running a distro that's actually on top of security updates was unaffected