zlacker

[return to "QubesOS – A reasonably secure operating system"]
1. plague+Kh2[view] [source] 2023-07-12 12:43:47
>>TheFre+(OP)
Here's the bit that confuses me: no secure boot.

QubesOS does a lot of good things, but Secure Boot is sort of a nonnegotiable for a lot of security profiles because its one of the few ways you protect boot.

I'd be interested to hear from someone more in the know why they haven't implemented it yet.

◧◩
2. dmm+153[view] [source] 2023-07-12 16:11:12
>>plague+Kh2
I think the optional anti-evil maid support includes secure boot: https://www.qubes-os.org/doc/anti-evil-maid/

> Anti Evil Maid is an implementation of a TPM-based dynamic (Intel TXT) trusted boot for dracut/initramfs-based OSes (Fedora, Qubes, etc.) with a primary goal to prevent Evil Maid attacks.

◧◩◪
3. plague+D25[view] [source] 2023-07-13 02:22:59
>>dmm+153
That makes much more sense, thanks.

Still a bit confusing that its not on by default, but also much more trustable.

[go to top]