Jeff wrote:
>On Sun, Jan 22, 2023 at 9:51 PM Russell L. Harris <russ...@rlharris.org> wrote:
>
>> 2) So I turn on Secure Boot?
>
>I recommend turning SecureBoot off.
>
> - UEFI
> * GPT = on
> * SecureBoot = off
>
>And legacy modes, like BIOS legacy = off.
>
>In SecureBoot, the only thing that is attested are the disk images.
>There's no guarantees about the program once it is in-memory and
>executing. What's being executed in-memory is the important thing.
>
>The biggest accomplishment SecureBoot achieved under Windows 8 was
>locking out other operating systems. And that did not last very long.
Sigh. Secure Boot also does a reasonable job of blocking persistent
pre-boot malware, which is absolutely worth doing.
--
Steve McIntyre, Cambridge, UK. st...@einval.com
< sladen> I actually stayed in a hotel and arrived to find a post-it
note stuck to the mini-bar saying "Paul: This fridge and
fittings are the correct way around and do not need altering"
