do real people actually care about bootloader locking or secure boot?
what is your threat model πΉ
#security #cybersecurity #privacy
Discussion
I certainly prefer it, although I sometimes go with legacy BIOS on PC since I'm lazy and don't feel like dealing with graphics drivers shenanigans. A locked bootlocker on my phone though (as apposed to my laptop that is only ever at home or a workplace) feels more non negotiable to me. My 2c anyways.
Have you tried coreboot on certain machines? I know a modern MSI motherboard supports that for Intel ME disabling.
I have coreboot on a Chromebook running Debian, but that's more so just because I needed a real bootloader than me seeking out coreboot. I've never had coreboot on a device that had a functional bootloader by default.
Not really. I would perhaps care on a computer that is physically exposed or that I carry around.
In my case I donβt lock the boot loader or bios. Only protection (which I think itβs more than decent) that I need is a LUKS-encrypted system
I turn that crap off, as Linux doesn't require it or TPM. Besides, threat models are a joke (unless Papal Rome is your threat, in which case, I would agree big time).
I want my phone to have a circuit board with screws in it that are used to manually set binary bits to program the boot loader by hand. Not kidding. Instead of deleting removable batteries, manufacturers should have added stuff like this by now imo
chromebooks usually have a read only screw, not a stretch to think that could be on phones
I just run luks
Yeah, some do. At Masters of The Lair we see it matter when threat model includes border search, device seizure, or evil maid. For you is it more risk or dev friction?