Le vendredi 10 juillet 2020 à 07:51 -0400, Solomon Peachy a écrit : > On Fri, Jul 10, 2020 at 01:37:14PM +0200, Nicolas Mailhot via devel > wrote: > > If you remove end users from the loop there is zero zip nada need > > for > > secure boot in the first place. The sole function of secure boot > > and > > DRPM is to prevent end users, present in the update loop, from > > doing > > things the manufacturer disagreees with. > > s/manufacturer/device owner/ Nope, manufacturer. There are hundreds of other simpler ways to protect device owner side (physical locks on racks, 2FA auth via a physical button on the device or an sms code, etc). The average device is not sold with locks in the supermarket. The home or office or building or rack door is considered sufficient protection. Evil maid does exist, but applying evil maid generally would require putting locks on everything you buy, from the drawers where you may store sensitive documents someday, to the fridge where the evil maid may serve herself on your precious lagger. The threat scenario has been massively ovehyped to justify giving keys to the manufacturers. -- Nicolas Mailhot _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
