I'm pretty sure even the red hat spooks are whitelisted in secureboot
Discussion
there is some circuitous process that can be performed to access a "free" KYC signature on kernels a bit like LetsEncrypt for SSL/TLS
you can also add a CA to your bios and sign with that
Lol, classic DIY CA.
If I’m gonna do that, I should just launch Honest Jimbo’s Discount Certificate Authority and sell certs for sats. 🤔
not really any need, you can make them for your own gear in a few minutes
I think everything based on certificate authority is fiat and should be abolished.
Better landlock hardware on software with my sign (or a sign I decide to trust). The whitelist in uefi db is pretty much the list of orgs that I wouldnt trust to make my hardware not porposefully explode.
it's a deliberate obfuscation of the problem of physical security
if your computer is physically accessible to strangers, then they can tamper with it, and this is what the whole thing is for... but a simple fucking encryption key and bios password will do this for you, and even if they flip the bios battery out physically the encryption stops them from seeing your stuff... and they can do this even with UEFI, so it's a total sham, the only security for physical access is a fucking encryption key, and that means a strong password and not a physical token
if your computer is behind locked doors and should be physically secure none of this is needed and anyway, only full disk encryption actually works, assuming a decent fucking password
lol, this thing about hardware exploding is gonna become a meme now
those heebies in ISI did something that their entire cabal is gonna regret
they have shredded confidence in hardware
literally blowing up is what everyone was afraid of about computers when i was a kid with boundless curiosity to press buttons, and most of the time stuff didn't break, but sometimes it did
but literal blowing up, oh yes there is gonna be a problem from this