this post was submitted on 15 Jul 2026
254 points (98.5% liked)

Technology

86426 readers
2958 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 3 years ago
MODERATORS
top 50 comments
sorted by: hot top controversial new old
[–] Kongar@lemmy.dbzer0.com 125 points 3 days ago (13 children)

Unpopular opinion but I’m dying on this hill. Secure boot creates more problems than it solves.

[–] agelord@lemmy.world 16 points 2 days ago

That's a very popular opinion.

[–] JiveTurkey@lemmy.world 81 points 3 days ago (2 children)

I'd argue this is actually a popular opinion. IMO secureboot has just become a way for Microsoft to leverage it's position and keep a strangle hold on industries they have no business being in.

The whole kernel level anti-cheat on win11 bullshit in the gaming industry is a good example. Essentially locking games to its platform and willing to sacrifice security to do so at our expense.

[–] defaultusername@lemmy.dbzer0.com 23 points 3 days ago (1 children)

This is especially true on computers where it is impossible to change the signing keys. Smartphones, game consoles, many laptops, some desktops, smart TVs, IoT devices, modern cars, etc.

[–] ILikeBoobies@lemmy.ca 7 points 3 days ago (1 children)

Only in tech circles, it says secure and that's enough for most people.

[–] ExLisper@lemmy.curiana.net 21 points 3 days ago (2 children)

Outside of tech circles most people think secure boot looks something like this

[–] skaffi@infosec.pub 2 points 1 day ago

You think that's a safety boot you've got there? It's anything but! It is clearly the bottommost part of a certain powered hazmat suit - why, it's a Hazard Boot! You'll need to ask one of the egg heads whether Secure Boot is a part of its boot sequence, though.

Poor Gordon Freeman, running around out there somewhere, with just one Hazard Boot. I guess you'll find that his other leg is running with Insecure Foot, then.

[–] Valmond@lemmy.dbzer0.com 2 points 2 days ago

Fantastic 😂 ! Thanks for the laugh.

[–] goferking0@lemmy.sdf.org 18 points 2 days ago

That's like saying windows 11 doesn't need tpm chips, an extremely popular opinion

[–] Gsus4@mander.xyz 5 points 3 days ago (1 children)
[–] chaogomu@lemmy.world 6 points 3 days ago (1 children)

Popular is the wrong question, the correct question is, how many machines is this default on.

[–] incompetent@programming.dev 1 points 2 days ago

And, how many people switch to something other than the default? Most W11 users are just going to go with whatever the computer says it's doing without changing anything. They're either ignorant of the options available, or scared of breaking something if they make a change.

load more comments (9 replies)
[–] CriticalMiss@lemmy.world 70 points 3 days ago (1 children)

Arch Wiki had pointed out for years that Secure Boot is a flawed mechanism.

[–] black0ut@pawb.social 16 points 2 days ago (1 children)

It's not flawed at all. But its purpose isn't actually to secure anything. Its purpose is to complicate the installation of alternative OS and to perpetuate vendor lock in, while sounding like it's "for your security". In that regard, it has succeeded.

There is also TPM and Microsoft Pluton, which serve the same purpose.

[–] AnUnusualRelic@lemmy.world 1 points 2 days ago

A very large portion of Microsoft's efforts are dedicated to this. If they redirected just a bit of their work force to fixing their products, maybe people would actually want to use them, instead of being forced to.

[–] dan69@lemmy.world 4 points 2 days ago

Few years ago I watched this engineer who used an rp3 to hack a bit locker encryption key.

[–] A_norny_mousse@piefed.zip 32 points 3 days ago (4 children)

11 old and forgotten UEFI shim bootloaders at versions 0.9 and below that can be used to bypass UEFI Secure Boot on any UEFI-based machine that trusts Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate authority (CA) certificate, regardless of the installed operating system (OS).

This "Trust" is one of my pet peeves. It's $$$.

[–] naticus@lemmy.world 17 points 3 days ago (1 children)

I get why you'd dislike that wording, but this is also how all certificate stores work, regardless of whether we're talking Secure Boot, Windows or Linux. Gotta trust the top level as providing legitimate certificates to then trust everything underlying as coming from the correct parties.

Certificate are something I work with constantly at work and I fucking hate resolving issues with them lol.

[–] A_norny_mousse@piefed.zip 14 points 3 days ago

I get why you’d dislike that wording

It's not just the wording.

this is also how all certificate stores work

Precisely.

Check out cacert.org and why it never gained "Trust". Hint: $$$

[–] JiveTurkey@lemmy.world 6 points 3 days ago (1 children)

Add this to the pile of reasons why M$ is a joke and people should stop using them. Nothing they make is so good that you need to stick around.

[–] orclev@lemmy.world 6 points 3 days ago* (last edited 3 days ago)

MS has mastered the one thing businesses love which is being perfectly mediocre. If you present a business two pieces of software one that does one thing really well but nothing else, and one that does three things terribly, they'll pick the one that does three things terribly every time. That's the MS design, it smears a thin coating of suck across as broad a surface as possible and then advertises that it does everything.

load more comments (2 replies)
[–] Marija@discuss.tchncs.de 3 points 2 days ago

That's the scary part about security assumptions.

[–] fubarx@lemmy.world 4 points 2 days ago
[–] krigo666@lemmy.world 13 points 3 days ago

All it takes for it to be 'broken' is to be from Microslop.

[–] Beangut@lemmy.world 1 points 2 days ago

My word of advice; any security implementation by an actor who has a fiscal responsibility and/or incentive is inherently flawed.

You are handing your keys to a whore.

load more comments
view more: next ›