Hacker News new | comments | show | ask | jobs | submit login

SecureBoot implies that firmware installed by running OS must be signed too.



That may not work if your Secureboot implementation is buggy.

The '80s solution to this problem was way easier, and it worked: a switch on the motherboard required physical access to the machine to flash its firmware.


Physical switches are expensive.


Jumpers are not expensive. You've already got dozens of the same kind of pin inside of every classic IDE and floppy connector on a motherboard.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: