Aaaand it's gone ...
As in the ability to run custom/new kernel-modules on a system with secure boot enabled, without the system considering itself "too tainted" to run certain apps/binaries, that require the system to be "immaculate".
This would also mean, that the old adage "If you can touch it with your hand, you can run unsigned code on it, given the right tools & time." wont be true anymore.
That's why server room doors have access control systems.
But the owner of the device should always be able to modify/circumvent/audit any part of the boot process.
All PCs since the first ones with ME/Trustzone, and all phones in existence are already locked down to some degree, making some kinds of R&D difficult. I see the proposed changes as something, that will ultimately lead power users to have even less control over their own systems.
Or am I wrong here? Please, can somebody provide evidence to the contrary?
This would also mean, that the old adage "If you can touch it with your hand, you can run unsigned code on it, given the right tools & time." wont be true anymore. That's why server room doors have access control systems.
But the owner of the device should always be able to modify/circumvent/audit any part of the boot process.
All PCs since the first ones with ME/Trustzone, and all phones in existence are already locked down to some degree, making some kinds of R&D difficult. I see the proposed changes as something, that will ultimately lead power users to have even less control over their own systems.
Or am I wrong here? Please, can somebody provide evidence to the contrary?