Gentoo Archives: gentoo-dev

From: Graham Murray <graham@×××××××××××.uk>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo
Date: Sun, 17 Jun 2012 19:21:42
Message-Id: 87395tycd2.fsf@einstein.gmurray.org.uk
In Reply to: Re: [gentoo-dev] Re: UEFI secure boot and Gentoo by Sascha Cunz
Sascha Cunz <sascha-ml@×××××××××.org> writes:

> You've said yourself, that "some removable media might not require signatures" > in order to boot. Well, if that is the case, then isn't this defeating the > whole point of Secure Boot at that stage?
Not necessarily. As has been stated previously, secure boot is not intended to protect against an attacker who has physical access. So even if allowing boot from removable media, it does protect against malware which corrupts/infects the hard drive boot image.