logoalt Hacker News

brooksttoday at 11:18 AM1 replyview on HN

It’s all tradeoffs. Secure boot sucks for enthusiasts but wow would the phone security / root kit scene be a nightmare without it.


Replies

ACCount37today at 12:11 PM

Would it?

A bootkit doesn't give you any more access - only more persistence. At the price of having to tailor a payload to a hardware and software platform very carefully. For most attackers, that's just not worth it.

Now, if what you want to "secure" is your ability to gatekeep what software users can and can't install? What sources they can and can't consume media from? What system-level spyware and adware users can and can't remove? What operators users can and can't connect to? Then, suddenly, "secure boot" makes an awful lot of sense.

Which is exactly how "secure boot" is treated by vendors nowadays. It's there to "secure" something alright. It's there to chain device software to the device vendor securely.

There's a reason why modern "secure boot" originated on gaming consoles and TV boxes.

show 1 reply