Besides a github project, this page is a good read about the sorry state of secure boot:
2 Likes
So puts Secure Boot back to the machine owner instead of leaving the trust chain in the hands of OEMs and Microsoff. Stared thanks!
2 Likes
For what it’s worth, the ONLY time I’ve ever had Secure Boot enabled is when I’ve had to run what used to be a very insecure system, the one that Mr. and Mrs. Average have purchased for many decades. That environment has improved security at a huge cost, often by adding layers of fixes and overhead. Maybe by now a lot of it has been gutted and replaced but that didn’t happen for a long time.
Given that I’ve not had to run such things in almost a decade I haven’t used “Secure Boot” for just as long. I do almost always utilize EFI/UEFI and GPT partitions; it does much better with multi-partitioned systems, especially with multi-boot systems compared to BIOS and the former partitioning scheme.
3 Likes