|
|
Subscribe / Log in / New account

the weak link being secure boot implementations themselves

the weak link being secure boot implementations themselves

Posted Dec 24, 2024 23:12 UTC (Tue) by Cyberax (✭ supporter ✭, #52523)
In reply to: the weak link being secure boot implementations themselves by Heretic_Blacksheep
Parent article: Systemd takes steps toward a more secure boot process

You can approach that with Coreboot. Notable, System76 sells laptops with it: https://github.com/system76/firmware-open

It's not completely open, there are still blobs for some devices. I guess RISC-V based systems will be the top contenders for fully-verified boot.

to post comments

the weak link being secure boot implementations themselves

Posted Jan 2, 2025 16:34 UTC (Thu) by paulj (subscriber, #341) [Link] (1 responses)

Just to add a data-point, I have a NovaCustom laptop with Dasharo based coreboot. Works great. You can turn off the Intel ME. EU based company, so might be better in logistical terms for some.

the weak link being secure boot implementations themselves

Posted Jan 3, 2025 8:48 UTC (Fri) by patrick_g (subscriber, #44470) [Link]

I second that. I also own a NovaCustom laptop with Dasharo based coreboot (and deactivated Intel ME) and and it's a very good machine.
With this coreboot-based firmware and the systemd-boot loader I have a free (modulo some blobs), modern, secure and minimalist boot process on this laptop.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds