- Joined
- Mar 17, 2019
Great point! The Michelangelo virus has only been around for thirty years. And Snowden exposed NSA weapons that use a variety of firmware attacks.
But I guess MBR/UEFI violations aren't an issue.
Can you cite a case where SecureBoot has stopped people from using Linux? I understand that if it's enabled, it's more difficult to build your own kernel, you have to go through a couple steps to add and approve a signing key. Not trying to prune my kernel down to the lowest number of KB to run on a 486 with 8MB of RAM anymore, so I'm probably fine with that.
Now, there is a certain problem that I feel should be solved, but which even if a solution is developed could, in theory, be blocked by a cabal of 'approved' Linux (well, grub or 'shim') developers under SecureBoot. That's a mostly-deniable version of full disk encryption.
Truecrypt does have hidden volumes, but what the people really need for their phones and laptops is an option where you can enter one passphrase at boot, and get a mount of a partition that seemingly covers the entire drive, but which writes L->R, so it can be played around with by a customs official or other adversary but won't expose hidden data or even damage it, unless they fill up the entire drive. Or, if you enter a different passphrase, it mounts the hidden partition, R->L. That could be restricted in size so it doesn't damage the deniable partition.
I acknowledge that such a solution isn't perfect- there would be some patterns in flash wear that might be usable to expose that it had been used- but it could seriously impact on the ability of malicious actors to force an unlock.
If such a solution is developed, but blocked from integration into Grub etc by devs with the ability to get things signed? I'll consider SecureBoot malicious.
