(2020)
True, but this is even more true now with Windows 11 with Recall, CoPilot and Secure boot.
So I think this should be re-posted every few years for people new to this site :)
My fear is some Linux Distros may also start going down this path. But at least with Linux, people will find out quickly and move to another distro.
There's a lot of FUD out there about secure boot.
It's a platform feature which, if Linux distributions actually implemented it properly, you could use to protect your own OS's integrity. (In practice, initrd is not part of the chain of trust and so it's mostly a waste of time.)
It has no adverse privacy implications, and you can load your own keys or turn it off at your own convenience.
Secure Boot does nothing at all for Linux and BSD Systems, all it does is:
* make it impossible to install Linux and BSD on arm systems with windows
* make it hard for newbies to install these systems
Plus you need to pay Microsoft to use Secure boot on your newer Intel Systems. That is what Red Hat did for their shim which many distros use.
And you're doing an exemplary job of demonstrating that point about FUD.
> Secure Boot does nothing at all for Linux and BSD Systems,
While a trustworthy boot chain may not be important to you personally, for many people and organisations it is, regardless of whether they're running Linux or Windows or any other OS.
Secure boot is the only means to provide any assurance at all that the platform firmware, kernel, initrd and other essential elements of the boot chain have not been modified.
This is a prerequisite to, among other things, being able to automatically unseal encrypted secrets on boot, or to have full disk encryption where you can be moderately confident that nothing has been modified to steal your FDE passphrase the next time you type it in.
> all it does is:
> * make it impossible to install Linux and BSD on arm systems with windows
Windows ARM systems make up a tiny portion of the market and they are difficult to run anything else on even without secure boot.
> * make it hard for newbies to install these systems
How? The major distros have signed shims and largely work out of the box, and it's one checkbox in the BIOS config menu for those which don't.
> Plus you need to pay Microsoft to use Secure boot on your newer Intel Systems.
Sorry, but that's a straight up lie.
> That is what Red Hat did for their shim which many distros use.
Only to provide the convenience of not having to load your own keys.
I'd be very surprised if things were better today.
As the author implies, this is the root of the reason user's need "free software", not "open source"...
i'd like to interject for a moment what you're referring to as user's is in fact users