Web lists-archives.com

Re: Q: secure boot

On Tue, Nov 06, 2018 at 09:01:23AM +0900, Hideki Yamane wrote:
> On Mon, 5 Nov 2018 23:52:35 +0100
> Adam Borowski <kilobyte@xxxxxxxxxx> wrote:
> > Another question: do we want it?  It's beneficial only if you can not only
> > add your own keys but also _remove_ built-in ones, and typical "consumer"
> > machines don't allow that.
>  I disagree it. With my understand, secure boot support in Debian is we can
>  install Debian without modifying secureboot option in BIOS.

But only the stock kernel, which turns it non-free software.

There's no benefits for us, too -- a thief or attacker can boot/install
Windows, read any non-encrypted data, etc.  We're better off if we don't
support secureboot on such hardware.  Debian has enough use share to be
named when governments are concerned -- if we start providing "secure"boot
enabled kernels, it'd be an easy sell to lock down consumer machines to
disallow kernels not blessed by Microsoft's key.

⢀⣴⠾⠻⢶⣦⠀ Have you heard of the Amber Road?  For thousands of years, the
⣾⠁⢰⠒⠀⣿⡁ Romans and co valued amber, hauled through the Europe over the
⢿⡄⠘⠷⠚⠋⠀ mountains and along the Vistula, from Gdańsk.  To where it came
⠈⠳⣄⠀⠀⠀⠀ together with silk (judging by today's amber stalls).