Hacker News new | past | comments | ask | show | jobs | submit login

Do you secure boot your systems?



I do but with my own PK. The problem is if the box has run untrusted code prior to that you can't trust it anymore.

This is a bigger problem when you have a huge fleet of these already rather than my few servers in my home lab that I can manually enroll my own keys in.


>The problem is if the box has run untrusted code prior to that you can't trust it anymore.

If that's your threat model you shouldn't trust your computers anyway. You don't know what things have been inserted into the chips on the motherboard. You don't know what code is in your operating system and applications. You don't know what code the controllers on your storage devices are running. You don't know if there is a cellular chip on your motherboard or a chip that is waiting for a certain frequency radio wave to leak all your shit. You don't know that all the code on your system is RCE free or LPE free. You don't know that there aren't any insiders at your software vendors signing bad code to send to you. You haven't personally audited the binaries on your system or even their source code.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: