Ubuntu 16.04 Secure Boot Policy

Ralf Mardorf ralf.mardorf at alice-dsl.net
Tue Jul 5 08:15:01 UTC 2016


On Tue, 5 Jul 2016 03:39:48 -0400, Tom H wrote:
>On Mon, Jul 4, 2016 at 3:58 AM, Ralf Mardorf wrote:
>> It's still more user-friendly to disable secure boot, than to deal
>> with it, isn't it?  
>
>It's certainly simpler. I've disabled SB on my laptop out of sheer
>laziness

I only use old BIOS computers, but assumed one day I should get a
UEFI-secure-boot computer, then I most likely would disable secure
boot. Call it "laziness", I name it "cautiousness to avoid trouble".

You and I are advanced users and using secure boot at least is
uncomfortable for us, we don't know, if it could cause an issue at a bad
timing. It might expand security, but for my computer usage I didn't
experience security issues in more than 10 years of Linux usage, most of
the times even without AppArmor, firewalls and similar. Even while
I'm seldom using firewalls myself, I recommend to use a firewall. I do
not recommend AppArmor, SELinux, secure boot. At least AppArmor doesn't
cause issues (I don't know SELinux from my own experience). I have read
many threads about (U)EFI and secure boot issues on different mailing
lists. Assumed my kind of computer usage should require advanced
security, then I would ensure to always use a firewall and perhaps
always use AppArmor, or read about SELinux and perhaps test this. I
still would avoid adding possible trouble by using secure boot.

I wonder if a multi-boot with a Windows install that requires secure
boot, could be done, by only enabling secure boot, before booting
Windows and disabling it, before booting Linux or BSD. Actually I only
need one Windows program, running on Windows 7 as a guest on a Linux
host. Since I anyway need to share data between Linux and this Windows
program, running it in a virtual machine is better, regarding my needs.

2 Cents,
Ralf




More information about the Ubuntu-devel-discuss mailing list