Last time I enabled secure boot it was with a unified kernel image, there was nothing on the EFI partition that was unsigned.
Idk about the default shim setup but using dracut with uki, rolled keys and luks it'd be secure.
After this you're protected from offline attacks only though, unless you sign the UKI on a different device any program with root could still sign the modified images itself but no one could do an Evil Maid Attack or similar.
Well, it rules out an evil maid attack and maybe jumping over a dual boot setup.
replace a file on the EFI partition.
Doesn't this mean that secure boot would save your ass? If you verify that the boot files are signed (secure boot) then you can't boot these modified files or am I missing something?
Good to see people already training ai to kill.
Though "only" your personal files are at risk cause of permissions.
One thing I'd add would be usb devices, a fast usb drive for example would be limited by your upload and slow down all other users of the network.
Every instance of lemmy and every server that speaks the same protocol knows who up/down voted any post. Your votes are public information.
Every instance of lemmy and every server that speaks the same protocol knows who up/down voted any post. Your votes are public information.
Nah, every instance knows who up/down voted any post, reddit knew this data too but now anyone can spin up an instance to get it.
From what I understand, this either means that this will only affect laptops and similar devices, or that they want to force companies that sell windows PCs to sign a contract disallowing them from selling keyboards without a copilot key, with or without a PC. I think (hope?) they mean the former.