this post was submitted on 07 Oct 2024
367 points (96.5% liked)

Technology

58669 readers
3897 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
367
Microsoft officially recommends a new PC and OneDrive to update to Windows 11 (www.neowin.net)
submitted 1 week ago by Frellwit@lemmy.world to c/technology@lemmy.world
155 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Kongar@lemmy.dbzer0.com 18 points 1 week ago* (last edited 1 week ago) (4 children)

I still for the life of me can’t figure out what’s so great about secure boot and tpm. All it’s ever done for me is prevent me from booting a legitimate OS, or a bootable flash drive with iso images on it (like ventoy). It’s also pretty good at giving me a headache trying to figure out how the keys work and how to register them.

I just turn them both off and live in ignorant bliss.

[–] orclev@lemmy.world 19 points 1 week ago (1 children)

Secure boot and TPM are tools for (among other things) making sure nobody (E.G. a virus or worm) has tampered with your OS and bootloader. You can for instance use both on Linux, it's just by default they come preloaded with Microsofts configuration for loading Windows, and the technical knowledge for how to reconfigure it is a bit arcane.

It's an excellent security tool, it's just abused by Microsoft to discourage competition.

[–] MonkderVierte@lemmy.ml 2 points 1 week ago

Until the next security hole you can't fix with an update.

[–] ooterness@lemmy.world 3 points 1 week ago (3 children)

It's not for you, it's for them. Secure boot means it only runs their operating system, not yours. Trusted enclave means it secures their DRM-ware from tampering by the user who owns the PC.

[–] Takumidesh@lemmy.world 15 points 1 week ago (1 children)

Secure boot means that only the intended bootloader runs, it can be any one, but it just needs to be the intended one.

Secure boot works with Linux.

[–] ooterness@lemmy.world 1 points 1 week ago (1 children)

It works for now on x86-64, yes. For now. As always, we are one "think of the children" crisis away from lobbyists taking that option away.

[–] Takumidesh@lemmy.world 9 points 1 week ago (1 children)

What? I think you maybe just don't know what purpose secure boot serves.

It's not a tool to vendor lock computers, it's a tool to establish a chain of trust to protect the boot process by only allowing cryptographically signed images from executing. Anyone can sign things for secure boot by simply creating an x509 certificate and importing it. If vendors wanted to prevent you from running a different operating system, they would just lock it down completely as is done in many devices like mobile phones and proprietary electronics.

[–] heartfelthumburger@sopuli.xyz 3 points 1 week ago

^ this People are very ignorant about what secure boot actually is.

[–] ftbd 4 points 1 week ago

What do you mean? I remove all vendor keys and enroll my own secure boot keys. This way only my install with my bootloader signed by my keys will boot.

[–] LunchMoneyThief@links.hackliberty.org 3 points 1 week ago

It greatly raises the cost of exploring competing software for the average person.