Alphane Moon@lemmy.worldM to Hardware@lemmy.worldEnglish · 2 days agoChina releases 'UBIOS' standard to replace UEFI — Huawei-backed BIOS firmware replacement charges China's domestic computing goalswww.tomshardware.comexternal-linkmessage-square13fedilinkarrow-up120file-textcross-posted to: technology@lemmy.world
arrow-up120external-linkChina releases 'UBIOS' standard to replace UEFI — Huawei-backed BIOS firmware replacement charges China's domestic computing goalswww.tomshardware.comAlphane Moon@lemmy.worldM to Hardware@lemmy.worldEnglish · 2 days agomessage-square13fedilinkfile-textcross-posted to: technology@lemmy.world
minus-squareonlinepersona@programming.devlinkfedilinkEnglisharrow-up1·17 hours agoDoes BIOS have secure boot? Or can secure boot be built upon anything?
minus-squareLembot_0004@discuss.onlinelinkfedilinkEnglisharrow-up1·17 hours ago Does BIOS have secure boot? No. And that is a good thing. Or can secure boot be built upon anything? Yes, the kernel loader can do whatever check you want.
minus-squareonlinepersona@programming.devlinkfedilinkEnglisharrow-up2·12 hours ago No. And that is a good thing. Why is that a good thing?
minus-squarethe_crotch@sh.itjust.workslinkfedilinkEnglisharrow-up3·16 hours ago No. And that is a good thing. Sure. If you want your boot sector to be a super effective attack vector.
minus-squareLembot_0004@discuss.onlinelinkfedilinkEnglisharrow-up1·16 hours agoIt is already late if your boot sector is writable by anyone who wants to. Moreover, the boot sector isn’t writable if you get access just to the FS.
minus-squarethe_crotch@sh.itjust.workslinkfedilinkEnglisharrow-up4·16 hours agoIf I managed to get root, either by compromising account credentials or using some sort of escalation exploit, I could write whatever I wanted to the boot sector. Secure boot will prevent that modified boot sector from booting. “More security is a bad thing” is a weird take
Does BIOS have secure boot? Or can secure boot be built upon anything?
No. And that is a good thing.
Yes, the kernel loader can do whatever check you want.
Why is that a good thing?
Sure. If you want your boot sector to be a super effective attack vector.
It is already late if your boot sector is writable by anyone who wants to. Moreover, the boot sector isn’t writable if you get access just to the FS.
If I managed to get root, either by compromising account credentials or using some sort of escalation exploit, I could write whatever I wanted to the boot sector. Secure boot will prevent that modified boot sector from booting.
“More security is a bad thing” is a weird take