undefined | Better HN

0 pointsc0l09mo ago0 comments

It would be fine it were only that. The actual problem is that software vendors can and do use Secure Boot to also check if you, the machine's owner, "decided" to "trust" this set of special CAs - and if you did not (and limited your freedom to execute any code you want in any way you want it on your machine in doing so), make the software you bought/licensed from them - or any other software you would like to run on top of these vendors' platforms - refuse to work on your machine.

0 comments

mjg599mo ago

Which vendors?

tom13379mo ago

As example, FaceIT Anti Cheat only works if Secure Boot is enabled. I guess their argument is that they can ensure you only boot genuine Windows and thus they can better check if you've tampered with anything.

mjg599mo ago

I've found no evidence that it checks the set of trusted certs, only that secure boot is enabled (which is trivial to fake).

1 more reply

Y_Y9mo ago

https://www.theguardian.com/technology/blog/2006/jul/14/wind...

I see Microsoft's malicious erosion of the meaning of "genuine" is going well.

c0l0OP9mo ago

Microsoft, with Windows 11. No, the "LabConfig" bs does not count.

mjg599mo ago

Where does Windows 11 check the set of trusted certificates?

j / k navigate · click thread line to collapse