undefined | Better HN

0 pointsarcfour1mo ago0 comments

But...it doesn't restrict user freedom. If the user wishes to do so, they can disable SB.

0 comments

CodesInChaos1mo ago

And will then be locked out from an increasing amount of Applications, Media, and eventually even Websites.

arcfourOP1mo ago

I run Linux with Secure Boot and I don't feel locked out of any media, applications, or websites.

My mom uses Secure Boot with Windows and doesn't know or care that it's enabled at all.

heavyset_go1mo ago

The OP is describing the status quo on mobile phones and tablets. On mobile Secure Boot, and systems like it, are used to lock out the user. If the boot path integrity is altered, some apps won't work or will provide degraded experiences.

What's happening the article is what has already happened on mobile: it requires vendor signing to run anything on mobile OS and the vendor locks out 3rd party drivers from their OS entirely.

It's yet another step towards desktop computing converging with mobile when it comes to software/firmware/boot/etc integrity attestation, app distribution and signing, and the ability to use your own bootloader and system drivers. When Secure Boot was first rolled out on laptops, it was used by Microsoft to lock the user out of the boot process before it was adapted to let users register their own keys, it can always be used for its original purpose, and how it's currently used on mobile, again.

kelseyfrog1mo ago

They shouldn't _have_ to do anything. The point is that no demands should be placed upon users.

Same problem with age gating. It's fine, as long as zero additional demands are placed upon users.

robotresearcher1mo ago

Freedom from the consequences of malware is more valuable than the low cost of turning SecureBoot off if you don’t want it.

We shouldn’t need the hassle of locks on our home and car doors, but we understand they are probably worthwhile for most people.

thisislife21mo ago

Do you lock your house or car and permanently handover the keys to some stranger, who you then have to depend on always to lock or unlock it for you?

dwattttt1mo ago

No? I have locks on my house and car that I have the keys for. That an argument _for_ secure boot.

2 more replies

aeternum1mo ago

What's the improved security argument for terminating VeraCrypt's account though? SB does have clear benefits but what is unclear is the motivation for the account termination.

What's the likelihood that this account ban provides zero security benefit to users and was instead a requirement from the gov because Veracrypt was too hard to crack/bypass.

UrMomsRobotLovr1mo ago

Are the demands that users become experts in provider their own security against more advanced actors not significantly worse? The control part is unfortunate but the defaults should make it so users can focus on sharing pictures of cats without fear or need for advanced cyber security knowledge.

bigfatkitten1mo ago

Users who care enough to do so can enrol their own keys using the extremely well documented process to do that.

Users who don’t care about the runtime integrity of their machine can just turn it off.

Both options are so easy that you could’ve learned how to do them on your machine in the time that you spent posting misinformation in this thread.

j / k navigate · click thread line to collapse