• enumerator4829@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    31
    ·
    22 hours ago

    For you? No. For most people? Nope, not even close.

    However, it mitigates certain threat vectors both on Windows and Linux, especially when paired with a TPM and disk encryption. Basically, you can no longer (terms and conditions apply) physically unscrew the storage and inject malware and then pop it back in. Nor can you just read data off the drive.

    The threat vector is basically ”our employees keep leaving their laptops unattended in public”.

    (Does LUKS with a password mitigate most of this? Yes. But normal people can’t be trusted with passwords and need the TPM to do it for them. And that basically requires SecureBoot to do properly.)

    • unixcat@lemmy.world
      link
      fedilink
      arrow-up
      8
      ·
      16 hours ago

      That’s only one use of secure boot. It’s also supposed to prevent UEFI level rootkits, which is a much more important feature for most people.

      • enumerator4829@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 hours ago

        True. Personally, I’m hoping for easier use of SecureBoot, TPM and encryption on Linux overall. People are complaining about BitLocker, but try doing the same on Linux. All the bits and pieces are there, but integrating everything and having it keep working through kernel upgrades isn’t fun at all.