The obvious answer to "Does UEFI Secure Boot add any actual security" is "Basically every cache of leaked documents from state-level actors or companies selling shit to them has included discussion of how to circumvent UEFI Secure Boot" and why would they bother if it didn't?
@mjg59 It's the usual security story
It's not perfect, so it's clearly trash
I mean, sure it has a ton of problems, but it's how things start
My biggest complaint from the security Very Serious People is the expectation you can go from 0% to 100% on the first try
@mjg59 The biggest problem I see is that the keys are in the hands of Microsoft. I would rather see them at a better organisation like e.g. the EU
@JCWasmx86 Given the EU's apparent desire to force browsers to trust any CA the EU deems trustworthy regardless of their technical competence, I'm not sure I'd pick them, but yes, I'd prefer it not to be Microsoft - but nobody else with a reasonable degree of competence has offered
@JCWasmx86 Running the UEFI CA costs Microsoft a shitload of money and I'm sure they'd actually be happy to transfer it to a competent authority that offered to take over instead
@mjg59 @JCWasmx86 Maybe the Linux Foundation? They already sponsor Sigstore I think, they seem like they'd be a good home for it.
@jawnsy @JCWasmx86 They looked into it in 2012 and said no
@mjg59 I'm sure you can make a better argument than that. YouTube is full of lockpicking videos, so locks must be secure. I'm being a little facetious, but not a lot.
Compare this to Tor - the project talks about ways to circumvent it because it's not perfect - we know about Silk Road - but we are pretty sure it has protected a whole lot of users. And of course improper use can make anything insecure.
Without the facetiousness: the existence of the discussion of breaking it means literally nothing, it's the content of the discussion that is a measure of how secure it is. You may be privy to it, but unless we are, literally "so what?"
@trdebunked If locks didn't provide security, there'd be much less interest in picking locks. Security isn't a binary state, it's heavily influenced by how skilled and funded your attackers are.