-----Original Message-----
From: taii...@gmx.com [mailto:taii...@gmx.com]
Sent: Tuesday, August 15, 2017 2:50 AM
To: Wim Vervoorn <wvervo...@eltan.com>; qubes-users <qubes-users@googlegroups.com>
Cc: raahe...@gmail.com
Subject: Re: [qubes-users] UEFI secureboot issue

Secure boot is a stupid Microsoft-controlled project to eventually remove the ability for commercial PCs to run non-Windows operating systems. SB 1.0 specs mandate owner control (an option to shut it off); SB 2.0 doesn't, and PCs built to that spec, such as the Windows 10 ARM PCs and MS's "signature series" PCs, prevent you from installing non-Microsoft operating systems.

"Secure" boot is simply a marketing name for kernel code signing; you can easily do this with coreboot and a GRUB payload (GRUB supports kernel signing). SB doesn't stop viruses, as that wasn't what it was designed to do; preventing rootkits from modding the kernel is irrelevant, as you can simply change another critical system file, of which there are many on Windows.

Kernel code signing is only useful in an AEM context with an encrypted filesystem but unencrypted kernels.

I myself have a variety of owner-controlled, fully libre firmware devices such as the KGPE-D16 and KCMA-D8 ASUS motherboards. Those two are the only ones that offer full libre functionality along with high performance. They also run Qubes great; having 32 cores and 128GB RAM is excellent for it. Please note these are the only owner-controlled devices that support v4.0 (Purism isn't owner-controlled and their firmware isn't and can't ever be open source). Another neat feature is an add-on user-configurable CRTM TPM module (very rare).

As always, I offer free tech support for libre motherboards if you wish to buy one.

**

Hello,

Basically I am not asking for some type of religious war on Secure Boot.

All I am basically asking for is if the executables provided in the Qubes distribution are signed and, if so, which keys have been used. If they are not and we should sign them ourselves (either for GRUB or Secure Boot), this is good to know as well.

Best regards,
Wim Vervoorn