From: dnomhcir@gmx.com   
      
   kludge@panix.com (Scott Dorsey) writes:   
      
   > Lawrence D'Oliveiro wrote:   
   >>On Fri, 25 Jul 2025 09:12:41 +0100, Richard Kettlewell wrote:   
   >>   
   >>> 1) Existing devices will continue to boot existing installs.   
   >>> (So we shouldn’t be panicking about devices failing to boot.)
   >>   
   >>One of the key things regularly trumpeted about Linux is about its ability   
   >>to give new life to old machines.   
   >   
   > And it does. I believe this should not matter if you have secure boot   
   > disabled. If you don't have device encryption enabled, then secure boot   
   > is useless anyway.... and if you do have device encryption enabled you   
   > have a roadmap to deal with this (which may mean buying a new machine   
   > or setting the bios date back, etc.)   
   > --scott   
      
   I checked with my favourite AI which agreed with you, saying that   
   malware can get into firmware or in through other weaknesses. But I   
   wonder why encryption would prevent that, as if malware got in through   
   ssh or through a web browser, then the disk would be decrypted in the   
   same way as for a legitimate user.   
      
   "If you don't have device encryption enabled, an attacker who gains   
   physical access to your device can bypass the secure boot process and   
   install malicious firmware or operating system components."   
      
   "Even without physical access, an attacker can still bypass secure boot   
   if device encryption is not enabled. They can exploit vulnerabilities in   
   the firmware or operating system to bypass secure boot and gain access   
   to the system."   
      
   "You're pointing out a valid concern. Encryption alone doesn't provide a   
   significant security benefit in this scenario. If an attacker gains   
   access to the system through a vulnerability, they can still access the   
   encrypted data. The encryption is primarily designed to protect against   
   physical access to the device, not against network-based attacks.   
      
   In the case of a network-based attack, the encryption is not a   
   significant barrier because the attacker can still access the system and   
   decrypt the data using the same credentials as a legitimate user. Device   
   encryption is more of a barrier against physical theft or unauthorized   
   access to the device itself."   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)   
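   As an added check (example code written for this page, not part of the
   thread or any poster's own work): a short Python script that reads the
   two facts the posters are arguing over on a Linux box, whether Secure
   Boot is enforcing and whether the root filesystem sits on a dm-crypt
   layer, and maps them onto the threat model above. It assumes efivarfs
   mounted at /sys/firmware/efi/efivars and util-linux lsblk with -J; the
   decoding functions take data directly, so when neither is available the
   script falls back to the constructed samples embedded below.

```python
import glob
import json
import subprocess
from typing import List, Optional

EFIVARS = "/sys/firmware/efi/efivars"  # assumed efivarfs mount point (the usual one)


def secure_boot_from_efivar(data: bytes) -> Optional[bool]:
    """Decode an efivarfs read of the SecureBoot variable.

    efivarfs prefixes the payload with a 4-byte attribute word; SecureBoot's
    payload is one byte, 1 when Secure Boot is enforcing. Returns None on a
    short read rather than guessing.
    """
    if len(data) < 5:
        return None
    return data[4] == 1


def read_secure_boot() -> Optional[bool]:
    """Read SecureBoot-<vendor guid> from efivarfs; None on BIOS/CSM boot."""
    matches = glob.glob(f"{EFIVARS}/SecureBoot-*")
    if not matches:
        return None
    with open(matches[0], "rb") as f:
        return secure_boot_from_efivar(f.read())


def _mountpoints(node: dict) -> List[Optional[str]]:
    # util-linux >= 2.37 emits "mountpoints" (a list); older lsblk emits "mountpoint".
    if "mountpoints" in node:
        return node["mountpoints"] or []
    return [node.get("mountpoint")]


def root_device_chain(lsblk_json: dict) -> Optional[List[str]]:
    """Return the lsblk TYPE chain from the disk down to the device mounted at '/',
    e.g. ['disk', 'part', 'crypt'] for a LUKS root or ['disk', 'part'] without."""
    def walk(node: dict, path: List[str]) -> Optional[List[str]]:
        path = path + [node.get("type", "?")]
        if "/" in _mountpoints(node):
            return path
        for child in node.get("children", []):
            hit = walk(child, path)
            if hit:
                return hit
        return None

    for dev in lsblk_json.get("blockdevices", []):
        hit = walk(dev, [])
        if hit:
            return hit
    return None


def root_is_encrypted(lsblk_json: dict) -> bool:
    """True when a dm-crypt ('crypt') layer sits between the disk and '/'."""
    return "crypt" in (root_device_chain(lsblk_json) or [])


def read_lsblk() -> dict:
    # MOUNTPOINT is accepted by both old and new lsblk; the JSON key is "mountpoint".
    out = subprocess.check_output(["lsblk", "-J", "-o", "NAME,TYPE,MOUNTPOINT"], text=True)
    return json.loads(out)


def assess(secure_boot: Optional[bool], encrypted: bool) -> str:
    """Map the two findings onto the threat model discussed in the thread."""
    if not encrypted:
        return ("root not encrypted: anyone holding the disk can read or edit it "
                "offline, so the signed boot chain buys little on its own")
    if secure_boot:
        return ("root encrypted, Secure Boot on: offline tampering is covered; a "
                "compromise of the running system (ssh, browser) still sees the "
                "mounted, decrypted data")
    return ("root encrypted, Secure Boot off/unknown: data is unreadable offline, "
            "but the unsigned boot path itself can be swapped out by someone with "
            "physical access")


# Constructed sample inputs (not captured from a real machine) so the checks run offline.
SAMPLE_EFIVAR_ON = b"\x06\x00\x00\x00\x01"   # attributes BS|RT, value 1 = enforcing
SAMPLE_LSBLK_LUKS = {"blockdevices": [{"name": "nvme0n1", "type": "disk", "children": [
    {"name": "nvme0n1p1", "type": "part", "mountpoints": ["/boot/efi"]},
    {"name": "nvme0n1p2", "type": "part", "mountpoints": [None], "children": [
        {"name": "cryptroot", "type": "crypt", "mountpoints": ["/"]}]}]}]}

if __name__ == "__main__":
    try:
        sb, lsblk = read_secure_boot(), read_lsblk()
    except (OSError, subprocess.CalledProcessError, ValueError):
        sb, lsblk = secure_boot_from_efivar(SAMPLE_EFIVAR_ON), SAMPLE_LSBLK_LUKS
    print(f"secure boot: {sb}  root chain: {root_device_chain(lsblk)}")
    print(assess(sb, root_is_encrypted(lsblk)))
```

   Run it as root or with read access to efivarfs; on a legacy BIOS boot
   read_secure_boot() returns None, which the assessment treats the same as
   Secure Boot being off. The dm-crypt check only looks at the device
   under '/', so a separately encrypted /home would not be reported.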