If it has secure boot, is opensource, and not dependent on having a single entity approve of self compiled binaries OE blobs (like UEFI forcing Microsoft’s approval of bootloaders), then heck yeah, this might be great! Otherwise, if it’s just some proprietary, closed source alternative to the existing crap, my enthusiasm is limited.
Being tied to a state like Huwei is, is just as bad as being tied to a corporation.
UEFI doesn’t have anything to do with MS. I have deployed desktops at scale with custom CAs for SecureBoot and the Microsoft keys removed on standard off the shelf x86 hardware.
The machine translated version of the Fast Technology/mydrivers article does not mention any of this.
That’s disappointing. But maybe once they officially release it, we will have more information.
Surprised they didn’t call it XiBIOS.
We need to return to BIOS. It was as primitive as it should be. In some regards even more clever than needed. Clever things were done by OS anyway. EFI just added problems while not resolving any issues.
Does BIOS have secure boot? Or can secure boot be built upon anything?
Does BIOS have secure boot?
No. And that is a good thing.
Or can secure boot be built upon anything?
Yes, the kernel loader can do whatever check you want.
No. And that is a good thing.
Why is that a good thing?
No. And that is a good thing.
Sure. If you want your boot sector to be a super effective attack vector.
It is already late if your boot sector is writable by anyone who wants to. Moreover, the boot sector isn’t writable if you get access just to the FS.
If I managed to get root, either by compromising account credentials or using some sort of escalation exploit, I could write whatever I wanted to the boot sector. Secure boot will prevent that modified boot sector from booting.
“More security is a bad thing” is a weird take
