"Secure boot" How much security do I really need?

I am NOT convinced that the extra hassle and intellectual overhead demanded by using secure boot is actually compensated in terms of extra security. Are you really worried about someone installing a root kit in an OS that almost nobody uses? What great criminal mastermind is going to take the time to write it? Does your personal computer actually store information that would genuinely interest anyone other than yourself?

@oxwrongagain I don’t use it, it’s only full disk encryption is the default for Aeon, so I use TPM instead on one system, the other uses fallback mode so at boot enter the passphrase.

problem is, there is malware that affects BIOS itself, which, if I understand correctly, is the same on most computers regardless of what OS you’re using
if I remember correctly, that is exactly what “rootkit” means, a BIOS malware
which is actually pretty difficult to detect or deal with, from what I heard
which is also a reason why there are BIOS updates
although I heard that updating your BIOS involves risk of irreversibly bricking your PC (in case something happens during the update, like a power outage, an error, etc.)
one computer science graduate told me a way to reset BIOS in case that happens, but I haven’t personally tried to do so, so idk how reliable it is

I do use secure-boot. I’m not finding much “extra hassle and intellectual overhead”. I mainly use it to test secure-boot support.

Does it provide real security? I’m doubtful. It seems more like security theater.

I remember watching a video about it, where the author researched quite a bit about the secure boot topic
I’m not tech savvy, so I did not bother to remember anything except the conclusion, and the conclusion was - yes, secure boot is useful

all in all, I personally would ask questions like this to a security expert
but not that I know a lot of them, hah

Hi @malcolmlewis ,

Thanks for the reply!

I am secured and encrypted out the WAZOO! … Call me oxFortKnox! … For years, I have taken every little security threat seriously …

I certainly don’t have anything against security awareness or lock-down … I just have to wonder how much of it makes sense for a personal computer. Hack my box and learn just how BORING I really am!

I love the theater!

that is true, regular people are probably targeted the least
I personally still don’t like that someone could do something to my data or machine, I like having more ability to stop it from being able to happen

I guess, at some point, security becomes a question of choice
at least, after you take care of the most vital things

@blind_confused don’t use Legacy boot, UEFI and a GPT type disk (which is MBR protected). Depends on the hardware if it’s mainstream the fwupdate should take care of it(?). My HP systems can do this via USB, for my HPZ440 there is a Linux rpm provided to upgrade the BIOS…

@oxwrongagain oh I don’t run a firewall(s) either on my internal lan…

Awesome!

“I heard”, “my girlfriend’s second cousin said …” … LOL … what is the objective evidence? And so you don’t feel attacked, I am NOT attacking you … just having a little fun with the ideas expressed … and this is the point of starting this thread … to get some objectively well thought out ideas about security … not the knee-jerk common wisdom (or lack thereof)

OK! One person who thinks it is silly to run a firewall behind a firewall! I agree! And I buy the ■■■■■■■■ and actually do run a firewall behind a firewall!

Actually, I don’t want to ask a security expert. I would much rather learn the opinions of real people with real needs. What are your security concerns? Are they shaped by legitimate personal needs or by mass media induced paranoia?

I really want to think about this carefully … to find some kind of balance perhaps.

It is so EASY to take what the “experts” feed us and run with it …

But when it comes to you and I … and what we really need … we are the experts!

If you don’t live under a stone, you may have heard of botnets. Even if nobody wants your data, your machine is valuable to get used in criminal activities. As an example, for DDoS attacks a high amount of boxes is needed (home, university, IoT boxes, …). And nowadays it takes nearly zero effort from hackers to incorporate your box into their nets…

Actually, I DO live under a stone. And even from under my stone, I have heard of bots, though I have never written one. As I have stated already, I am somewhat maniacal about system security. What do you think is a reasonable approach to security?

My setup is “secure boot” enabled + the firewall on my router + my system level firewall + luks2 encrypted all data, including root

Are you as paranoid as me? What aspects of this regime might be reasonably relaxed?

Agreed, a botnet is something a hacker might want to use your computer for.

Bookmarked as a thing for myself to look into but not done yet

Already 3 times earlier linked on this forum.
An outgoing firewall would prevent botnets…

@marel ,

Thanks for the interesting link!

I use my personal computer to hold personal data related to a number of voluntary organisations for which I work. As I live in the UK where the EU GDPR applies, I am therefore bound to observe the requirements of the GDPR in relation to this personal data, namely to take all reasonable steps to avoid disclosure or loss of any of this data.
How much security you need depends on your personal circumstances.

@oxwrongagain Run the command ss -tr or just ss to see what is doing what or use Wireshark… I run local DNS here so things are somewhat locked down in that respect. By default Aeon has no firewall, no services are running exposed to the internet, plus system is read-only…

Thanks @malcolmlewis ,

I did not know about the ss command. Nice little tool!