upvote

points

by tosti4 hours ago |
comments
upvoteby ghighi78784 hours ago|
next
[-]
Its a simple solution in law to enable. Force manufacturers to allow owners of computer to put any signing key in the BIOS.

We need this law. Once we have this law, consumers csn get maximum benefit of secure boot withiut losing contorl

reply
upvoteby 20198443 minutes ago|
parent|
next
[-]
Most embedded processors sadly don't have a BIOS, and the signing key is permanently burned into the processor via eFUSEs.
reply
upvoteby miki1232112 hours ago|
parent|
prev|
next
[-]
But that's how it already works.

If you install Windows first, Microsoft takes control (but it graciously allows Linux distros to use their key). If you install Linux first, you take control.

It's perfectly possible for you to maintain your own fully-secure trust chain, including a TPM setup which E.G. lets you keep a 4-digit pin while keeping your system secure against brute force attacks. You can't do that with the 1990s "encryption is all you need" style of system security.

reply
upvoteby PunchyHamster3 hours ago|
parent|
prev|
[-]
> Its a simple solution in law to enable. Force manufacturers to allow owners of computer to put any signing key in the BIOS.

...it's already allowed. The problem is that this isn't the default, but opt in that you need quite a lot of knowledge to set up

reply
upvoteby cferry4 hours ago|
prev|
next
[-]
I make the analogy with a company, because on that front, ownership seems to matter a lot in the Western world. It's like it had to have unfaithful management appointed by another company they're a customer of, as a condition to use their products. Worse, said provider is also a provider for every other business, and their products are not interoperable. How long before courts jump in to prevent this and give back control to the business owner?
reply
upvoteby wat100004 hours ago|
prev|
[-]
This gets tricky. If I click on a link intending to view a picture of a cat, but instead it installs ransomware, is that abiding by its owner or not? It did what I told it to do, but not at all what I wanted.
reply
upvoteby tosti48 minutes ago|
parent|
next
[-]
If you connect your computer to the Internet, it can get hacked. If you leave it logged in unattended or don't use authentication, someone else can use it without your permission.

This isn't rocket science and it has nothing to do with artificially locking down a computer to serve the vendor instead of the owner.

Edit: I'd like to add that no amount of extra warranty from the vendors are going to cover the risk of a malware infection.

reply
upvoteby ghighi78784 hours ago|
parent|
prev|
[-]
We dont need to get philosophical here. You(the admin) can require you (the user) to input a password to signify to you(the admin) to install a ransomware when a link is clicked. That way no control is lost.
reply
upvoteby wat100003 hours ago|
parent|
[-]
What if the cat pictures are an app too? The computer can't require a password specifically for ransomware, just for software in general. The UI flow for cat pictures apps and ransomware will be identical.
reply
upvoteby Zak2 hours ago|
parent|
[-]
A computer that can run arbitrary programs can necessarily run malicious ones. Useful operations are often dangerous, and a completely safe computer isn't very useful.

Some sandboxing and a little friction to reduce mistakes is usually wise, but a general-purpose computer that can't be broken through sufficiently determined misuse by its owner is broken as designed.

reply