Comment on New US Congress bill proposal requires all operating system providers to verify ages
ramble81@lemmy.zip 2 days agoSecure boot by itself isn’t a bad thing. It basically just says the OS you boot from has to have a signed and approved bootloader/drivers. The problem is, the approval list is handled by the board manufacturer and not every version of Linux supports it since it has to be signed and approved. Also, if you have unsigned kernel level modules (such as an open source video driver) that can cause the process the break as the driver isn’t signed. I believe user space is much more accepting.
From a privacy aspect, it isn’t directly impacting, except it limits which distros you use, and may prevent you from doing other privacy related changes as a low level or forcing you to use signed binaries that you may not be able to audit.
wrinkle2409@lemmy.cafe 2 days ago
Oh I see, so it is basically a corporate controlled allow list that could be used for forcing you to have a specific system. Absolutely disgusting that this is hidden under the guise of security
ramble81@lemmy.zip 2 days ago
That’s…. a stretch. The issue is that the default CA that manufacturers include is Microsoft, so Debian developed a shim, signed by Microsoft, so that they could sign their own distros ans modules.
Since a lot of boards allow you to inject your own key into the MOK for UEFI, you can basically roll your own with a little work. It’s just not “out of the box” since they’d have to validate multiple different distros.
It’s more a matter of sheer size of Microsoft vs Linux rather than locking. I’ve said “a lot” and “most” around boards given that I’m not sure what the breakdown is, but I haven’t seen a board that doesn’t do that.