On Jul 9, 2012, at 4:38 PM, Graham Cunnington wrote: > > "You can password-protect Grub. This will secure it against malware and > anybody taking over your computer."
Because it's an untrue statement. It is not the same thing as key-signing a boot loader. While GRUB2's UI's can be protected, I can easily cause grub.efi to be replaced with some other bootloader which happens to be malware, or replace the kernel a password protected GRUB2 is set to load with a kernel that contains malware. > e then we already have Secure Boot and the administrators of companies and > home computers will have protected their computers and the Microsoft > initiative becomes unnecessary, at least for Secure Boot (Secure Bios is > another matter and another battle). There is no meaning to secure BIOS. And what you're describing GRUB2 do in lieu of Secure Boot doesn't prevent any of the problems/concerns Secure Boot is supposed to solve. That there are significant negative concerns for how OEM's are going to implement Secure Boot, this is not a compelling argument against Secure Boot or against the real threat of pre-boot malware. Your complaint is with OEMs way more than Microsoft, and way more than GNU GRUB2. Chris Murphy _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel
