• ooterness@lemmy.world
    11 up, 8 down · 24 days ago

    It’s not for you, it’s for them. Secure boot means it only runs their operating system, not yours. Trusted enclave means it secures their DRM-ware from tampering by the user who owns the PC.

    • Takumidesh@lemmy.world
      15 up · 24 days ago

      Secure boot means that only the intended bootloader runs; it can be any one, but it just needs to be the intended one.

      Secure boot works with Linux.

      • ooterness@lemmy.world
        6 up, 5 down · 24 days ago

        It works for now on x86-64, yes. For now. As always, we are one “think of the children” crisis away from lobbyists taking that option away.

        • Takumidesh@lemmy.world
          10 up, 1 down · 24 days ago

          What? I think you maybe just don’t know what purpose secure boot serves.

          It’s not a tool to vendor lock computers, it’s a tool to establish a chain of trust to protect the boot process by only allowing cryptographically signed images to execute. Anyone can sign things for secure boot by simply creating an x509 certificate and importing it. If vendors wanted to prevent you from running a different operating system, they would just lock it down completely as is done in many devices like mobile phones and proprietary electronics.

    • ftbd@feddit.org
      4 up · 24 days ago

      What do you mean? I remove all vendor keys and enroll my own secure boot keys. This way only my install with my bootloader signed by my keys will boot.
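
Added example, not part of any comment in this thread: one way to create the kind of owner-held X.509 signing certificate the replies above describe, then sign and verify an EFI binary with it. It assumes `openssl` and the sbsigntools programs (`sbsign`, `sbverify`) are installed; the function names, the `db.*` file names and the directory layout are choices made for this sketch, and replacing the vendor PK/KEK as in the last comment is a further step not shown here.

```shell
# Owner-controlled Secure Boot signing key (added example; all names are assumptions).

# Create a self-signed X.509 certificate plus private key for signing boot images.
# $1 = output directory, $2 = certificate common name (both chosen by the caller).
make_signing_cert() {
    mkdir -p "$1" || return 1
    # Restrict the private key to its owner: whoever can read it can sign
    # images that this machine will accept at boot.
    ( umask 077 && openssl req -new -x509 -newkey rsa:2048 -sha256 -nodes \
          -days 3650 -subj "/CN=$2/" \
          -keyout "$1/db.key" -out "$1/db.crt" 2>/dev/null ) || return 1
    # sbsign reads PEM; `mokutil --import` expects the certificate in DER form.
    openssl x509 -in "$1/db.crt" -outform DER -out "$1/db.cer"
}

# SHA-256 fingerprint of a PEM certificate, to record which certificate was
# enrolled and to recognise it again later.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Sign an EFI binary with the key above, then check the signature against the
# same certificate. $1 = key directory, $2 = input binary, $3 = signed output.
sign_efi() {
    command -v sbsign >/dev/null 2>&1 || {
        echo "sbsigntools (sbsign/sbverify) not installed" >&2
        return 1
    }
    sbsign --key "$1/db.key" --cert "$1/db.crt" --output "$3" "$2" &&
        sbverify --cert "$1/db.crt" "$3"
}

# Typical use (paths are placeholders):
#   make_signing_cert ./keys "My Secure Boot signing key"
#   cert_fingerprint ./keys/db.crt
#   sign_efi ./keys /path/to/bootloader.efi ./bootloader.signed.efi
```

The certificate only takes effect once it is enrolled, either in the firmware's key database or in shim's MOK list; until then a binary signed with it is rejected like any other untrusted image.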