On 2023-09-29, <to...@tuxteam.de> <to...@tuxteam.de> wrote: > > > On Fri, Sep 29, 2023 at 10:50:37AM +0100, Steve McIntyre wrote: >> Stefan wrote: >> >> With outdated keys secure boot does not protect you. >> > >> >Just to clarify: in 99.99% of the cases, SecureBoot does not protect you >> >(and is not designed to protect you either).
>> Sigh. Lose the misinformation crap, please. It's getting tedious. > He-said-she-said. > https://wiki.debian.org/SteveMcIntyre Steve McIntyre Steve has been a DD since October 1996 and was Debian Project Leader from April 2008 to April 2010. He maintains quite a few packages, but is normally most active doing DebianCd or DebianInstaller or UEFI work. He's also an admin for this wiki! https://wiki.debian.org/SecureBoot#What_is_UEFI_Secure_Boot.3F What is UEFI Secure Boot NOT? UEFI Secure Boot is not an attempt by Microsoft to lock Linux out of the PC market here; SB is a security measure to protect against malware during early system boot. Microsoft act as a Certification Authority (CA) for SB, and they will sign programs on behalf of other trusted organisations so that their programs will also run. There are certain identification requirements that organisations have to meet here, and code has to be audited for safety. But these are not too difficult to achieve. SB is also not meant to lock users out of controlling their own systems. Users can enroll extra keys into the system, allowing them to sign programs for their own systems. Many SB-enabled systems also allow users to remove the platform-provided keys altogether, forcing the firmware to only trust user-signed binaries. Get a life (or change those wikis to reflect *your* truth)!