:: Re: [DNG] UEFI and Secure Boot
トップ ページ
このメッセージを削除
このメッセージに返信
著者: Narcis Garcia
日付:  
To: dng
題目: Re: [DNG] UEFI and Secure Boot
El 23/10/17 a les 16:35, Arnt Gulbrandsen ha escrit:
> Didier Kryn writes:
>>     For me the things which need to be protected are
>>
>>     1) the data
>>     2) the OS, to avoid backdoors
>>
>>     I can't see any need to protect a motherboard against booting from
>> a "foreign" disk.
>
> To access the data: Boot from foreign media, modify or replace the usual
> boot partition so it looks right until it asks for the disk encryption
> password, turn off the host, wait for the owner to turn it on and type
> in the password, done.
>


I don't know better secure boot than your own removable media: MBR and
whole /boot on an USB key, and full disk encryption.
If you really need that level of security, don't trust to any installed
boot (UEFI/GRUB/etc).

Mainboard support for UEFIs aren't capable to trust the boot so
transparently as FOSS does.