SUSE and Secure Boot: The Details (SUSE Blog)
Posted Aug 11, 2012 22:07 UTC (Sat) by geofft
In reply to: SUSE and Secure Boot: The Details (SUSE Blog)
Parent article: SUSE and Secure Boot: The Details (SUSE Blog)
I think the question of whether this is an achievable goal an interesting question. However, I'd like to address Secure Boot in particular.
Okay, I certainly agree that the Secure Boot implementation is distasteful for many reasons (having interacted with it, I'm going to throw "Microsoft requires that you upload your bootloader via Silverlight" into the list of reasons to hate it). But to bring this more on topic, I'm curious if you think that the goals of Secure Boot are good goals, and whether they're worthwhile.
It seems to me, as an end user, that I want to know whether my OS has been tampered with at the boot loader level, because if that's gone then I have no trust in the rest of the OS, and if that's okay, there's a lot of validation that can be done of the rest of the OS (automatic checksums of packages, etc.) by bootstrapping that root of trust.
It also seems to me, as someone who occasionally fixes other nontechnical people's computers (and tends not to fix them by replacing their OS with a Linux distro), that a configuration that makes it harder to infect Windows machines with malware, and can also scale to making it harder to infect non-Windows machines with malware, while not getting in the way of running things other than Windows, would be desirable.
Do you think these are good goals, and do you think there's some amount of inconvenience in running non-Windows operating systems that should be tolerated in pursuit of this goal?
to post comments)