InnerScientist@lemmy.worldtoLinux@lemmy.ml•Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
3·
11 months agoWell, it rules out an evil maid attack and maybe jumping over a dual boot setup.
Well, it rules out an evil maid attack and maybe jumping over a dual boot setup.
replace a file on the EFI partition.
Doesn’t this mean that secure boot would save your ass? If you verify that the boot files are signed (secure boot) then you can’t boot these modified files or am I missing something?
Every instance of lemmy and every server that speaks the same protocol knows who up/down voted any post. Your votes are public information.
Every instance of lemmy and every server that speaks the same protocol knows who up/down voted any post. Your votes are public information.
Nah, every instance knows who up/down voted any post, reddit knew this data too but now anyone can spin up an instance to get it.
Brb, gotta defederate myself.
Last time I enabled secure boot it was with a unified kernel image, there was nothing on the EFI partition that was unsigned.
Idk about the default shim setup but using dracut with uki, rolled keys and luks it’d be secure.
After this you’re protected from offline attacks only though, unless you sign the UKI on a different device any program with root could still sign the modified images itself but no one could do an Evil Maid Attack or similar.