Hello, I hope my question makes sense. It concerns Guix grub UEFI bootloaders.
I would like to understand to what extent Guix's functional approach helps to secure the computer with regard to an early boot malicious code/malware infection.

As far as I understand, Guix doesn't provide means to automatically sign bootloaders and kernels in order to use UEFI secure boot after each system reconfigure (assuming a PKI is properly implemented). Hence, using secure boot with Guix is currently not viable (am I correct?).

In this context, can I assume that the risk of not having secure boot is minimized by the fact that in each system reconfiguration, the early boot chain is overwritten in such a way that, if malicious code is introduced somehow, it will also be overwritten? Am I correct?

In addition, how much more difficult is it to introduce such malicious code in a Guix system given its functional approach and store system (in comparison with other Linux distributions)?

I know that Guix provides an amazing approach to secure software supply chain, but I was wondering if not having secure boot can be considered a major drawback for Guix.

Best regards
--
Antonio Carlos PADOAN JUNIOR
GPG fingerprint: 243F 237F 2DD3 4DCA 4EA3 1341 2481 90F9 B421 A6C9