Matthew Garrett on Nostr: This may seem odd given my position on secure boot, but: I think Boot Guard is ...
This may seem odd given my position on secure boot, but: I think Boot Guard is absolutely pointless in almost all real-world scenarios, and in the scenarios where it matters I think TPM-backed measurement gets almost all the benefit without restricting what users can do with their firmware. AMD's Platform Secure Boot is even more pointless, since it can be bypassed by simply replacing the CPU with an unfused one.
Published at
2025-02-26 20:27:24Event JSON
{
"id": "cfd051956802657599de4a70c1fc7b22d402d33ccfbf131e4aefee4b7daa44f2",
"pubkey": "ef5e80e6c74387ef14f5c6b89079f22b6847dc14365001c0ed662a20bd891677",
"created_at": 1740601644,
"kind": 1,
"tags": [
[
"proxy",
"https://nondeterministic.computer/users/mjg59/statuses/114072069345734167",
"activitypub"
]
],
"content": "This may seem odd given my position on secure boot, but: I think Boot Guard is absolutely pointless in almost all real-world scenarios, and in the scenarios where it matters I think TPM-backed measurement gets almost all the benefit without restricting what users can do with their firmware. AMD's Platform Secure Boot is even more pointless, since it can be bypassed by simply replacing the CPU with an unfused one.",
"sig": "35cb080edf596de89968959c72f6201fb12069088b6692200a2a7b6371f058ec16e279239a421bbc672bdd8338561f60a8942a6c97c7db89f664017049cb57cd"
}
