(securityonline.info)

658 points transpute | 1 comments | 06 May 23 17:39 UTC | HN request time: 0.209s | source

Show context

TacticalCoder ◴[06 May 23 19:48 UTC] No.35844787[source]▶

>>35843566 (OP) #

To all those saying SecureBoot brings absolutely nothing security wise...

Why is a project like, say, Debian, even bothering signing kernels:

https://wiki.debian.org/SecureBoot

What's their rationale for supporting SecureBoot?

replies(5): >>35844795 #>>35844812 #>>35844902 #>>35844983 #>>35848520 #

1. overbytecode ◴[07 May 23 06:39 UTC] No.35848520[source]▶

>>35844787 #

I’m confused, why would a kernel need to be signed if you don’t actually care about secureboot? If you have a signed GRUB, then UEFI with SB will run it, after which you can use GRUB to launch any kernel, signed or not, right?

↑

Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security