On Thursday, November 23, 2017 at 7:55:21 AM UTC-5, Leo Gaspard wrote:
> On 11/23/2017 03:35 AM, taii...@gmx.com wrote:
> > On 11/22/2017 07:25 PM, xeph...@gmail.com wrote:
> >> This is quite late, but now that UEFI is supported...is secure boot?
> >> Wasn't quite sure what key or signature to import.
> > Why are all the newbies here so obsessed with a microsoft technology?
> >
> > Just shut it off, it provides no benefit to you. If their code is so
> > great and beneficial to you why not simply install windows 10? they say
> > it is safe and secure just like SB 2.0...
> >
> > [... more of the same]
>
> Can you please avoid ranting against secure boot once again?
>
> Secure boot is *not* useless. It *does* bring security benefits,
> although not as good as measured boot with a TPM: it requires an
> additional flaw somewhere in the {BIOS, bootloader} to bypass, instead
> of just coming in and replacing a non-encrypted element of the bootchain
> by taking the hard disk out of its case without ever being noticed. So
> if you have no TPM, using secure boot is a definitive security enhancement.
>
> That said, to answer the original question, Qubes doesn't support secure
> boot out of the box yet as far as I can tell.
My vote is to use both. Or as Intel puts it to use all three of trusted,
measured, and secured boot. Enterprise systems also throw malware scanners
somewhere in there during the mix.
Richard Stallman predicted secureboot would lock out software, but he was
wrong. He half heartedly says "Microsoft failed their intended purpose", and
Even He suggests using secure boot as a security feature now. Which is all it
ever really was. MS even has option to turn off driver signing in the
software. Some people, especially computer guys, have trouble admitting when
they are wrong.
Nothing is 100% secured, but secure boot stopped hacking teams famous bios
attack, and i'm sure theres more like it out there. And in this world where
remote bios attacks are possible, thats enough for me to not call any system
even reasonably secure if it doesn't have secure boot enabled.
And i've said before, Security mostly depends on the USER more then the
hardware and operating system. Some user tasks are inherently unsafe no matter
what and you would have to limit yourself using your own volition, regardless
or hardware or software. And imo, A hardened windows system, especially if
enterprise, is much safer for the AVG user then a similarly hardened linux
system. (I just saw Tai's head explode)
Of course many feel Qubes is for more advanced users, and apparently that will
become a self fulfilling prophecy in version 4.
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/5029c6af-b7fa-4b91-837e-9809254e2acb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
