the weak link being secure boot implementations themselves
the weak link being secure boot implementations themselves
Posted Dec 26, 2024 18:32 UTC (Thu) by marcH (subscriber, #57642)In reply to: the weak link being secure boot implementations themselves by Heretic_Blacksheep
Parent article: Systemd takes steps toward a more secure boot process
> I get where this is coming from, but it's almost lipstick on a pig at this point with so many OEM firmware chains already compromised before the OS atomic image is verified.
Even if they were only a small number of non-compromised OEMs left, that "lipstick on a pig" would still help them complete the chain and compete; that's a good thing.
Security is only as strong as the weakest link; you have a valid point there. But that does not mean work on the other links should stop and wait until that weakest link gets fixed.
Also, the location of the "weakest link" is heavily dependent on the context and threat model. If every link keeps making excuses by pointing fingers at other links then nothing ever gets done.