On 25-07-2023 14:30, Source Code wrote:
Hi everyone! I just wanna say some questions:
1. I can not find anywhere about why Arch Linux developers do not make
secure for Arch Linux. Why? And will secure be in Arch Linux in the
future?
2. I read the
https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot
and now I don’t see information about ship. Why?
A few of the reasons to stay away from SB
Secure Boot only works on systems using UEFI. Systems using BIOS don't
support SB at all.
When secure boot is enabled uefi requires signed firmware to allow
hardware components to function.
Those components are typically signed with microsoft keys and if you
don't trust their keys your system will refuse to boot or be severely
crippled.
Enabling SB forces you to trust microsoft .
Who controls whether something is secure or not ?
With SB active the answer is :simple : NOT YOU.
SB works best with systems that undergo very little change. A rolling
release distributions like archlinux is the opposite of what SB is
designed to work with.
SB can increase security in certain situations but comes with a
substantial price tag .
Personally I feel SB disadvantages massively outweight the benefits.
Lone_Wolf
