(BTW, you replied to only me instead of the mailing list, so nobody else can see what you said to me.) You won't be getting an infected OS if you disable Secure Boot, it's solely meant for rootkits, aka malware that operate on the UEFI level (the part of the system before it loads the OS), like Denuvo for example. In the end, common sense is always the best anti virus, just don't click on random ads, don't click on weird links, don't open random email attachments, browse with Javascript disabled unless you really need it, and so on. On 2023年07月25日 17:40, Lone_Wolf wrote:
On 25-07-2023 14:30, Source Code wrote:
Hi everyone! I just wanna say some questions: 1. I can not find anywhere about why Arch Linux developers do not make secure for Arch Linux. Why? And will secure be in Arch Linux in the future? 2. I read the https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secur... and now I don’t see information about ship. Why?
A few of the reasons to stay away from SB
Secure Boot only works on systems using UEFI. Systems using BIOS don't support SB at all.
When secure boot is enabled uefi requires signed firmware to allow hardware components to function.
Those components are typically signed with microsoft keys and if you don't trust their keys your system will refuse to boot or be severely crippled.
Enabling SB forces you to trust microsoft .
Who controls whether something is secure or not ?
With SB active the answer is :simple : NOT YOU.
SB works best with systems that undergo very little change. A rolling release distributions like archlinux is the opposite of what SB is designed to work with.
SB can increase security in certain situations but comes with a substantial price tag .
Personally I feel SB disadvantages massively outweight the benefits.
Lone_Wolf
-- lain. Did you know that? 90% of all emails sent on a daily basis are being sent in plain text, and it's super easy to intercept emails as they flow over the internet? Never send passwords, tokens, personal information, or other volunerable information without proper PGP encryption! If you're writing your emails unencrypted, please consider sending PGP encrypted emails for security reasons. You can find my PGP public key at: https://fair.moe/lain.asc Every good email client is able to send encrypted emails. If yours can't, then you should consider switching to a secure email client, because yours just sucks. My recommendations are Claws Mail or NeoMutt. For instructions on how to encrypt your emails: https://unixsheikh.com/tutorials/gnupg-tutorial.html