UEFI secure boot

Colin Watson cjwatson at ubuntu.com
Tue Sep 27 08:46:39 UTC 2011

On Mon, Sep 26, 2011 at 07:14:36PM -0400, Rashkae wrote:
> Am I the only one who thinks this is actually a good idea from MS?

The fundamental problem here is that it is securing the wrong thing: it
is securing the computer against changes by its legitimate owner and
user (remember that this is only part of an entire stack of signature
checks).  Sure, forbidding unauthorised changes to the system is one way
to stop a class of attacks from progressing, but at what cost?

Furthermore: if an attacker has acquired enough access to replace your
boot loader, you have already lost.

Colin Watson                                       [cjwatson at ubuntu.com]

More information about the ubuntu-users mailing list