TPM + Pin with Secure Boot is still unbroken AFAIK
exu
joined 2 years ago
I don't think you understand what "enrolling your own keys" means in the context of Secure Boot.
The key affected here is specifically for the Linux shim signed by Microsoft. It is used by GRUB and some distros to work with Secure Boot.
Enrolling your own key means you add a new certificate to the key store. This is completely separate from the one provided by Microsoft and controlled only by you. The common recommendation is to remove all built-in keys and only add your own, to make this system as secure as possible.
I'd wait a bit more. As the article says, Canonical recently also upped the RISC-V requirements for their 26.04 LTS and this SBC doesn't meet those.
I agree that having more degrees of usage would be useful, but erring on the side of caution and declaring any AI use as a first step is better than doing nothing.
Is there a list of certified manufacturers/devices somewhere?
I couldn't find anything on the page for the certification, only steps to contact them.
That was the term, thanks
Your root disk is usually mounted at Z: so any ransomware could just encrypt that
Note sure what they're called, but plenty of houses here have metal blinds on the outside that work perfectly for blocking the sun.
Blame Apple for that, as for the longest time they only allowed using the Safari engine on iOS. Apparently that's still the case outside the EU now, meaning Mozilla would need to maintain two versions on iOS.
On any other operating system, Firefox is by far the best at blocking ads with uBlock Origin.
Yep, you need a pin for your TPM to be safe. Here's a proof of concept of someone unlocking Linux systems without TPM pin.
https://oddlama.org/blog/bypassing-disk-encryption-with-tpm2-unlock/