Raising the Costs of Migrating

I hate to make pages just to state what is probably already obvious, but I feel it deserves being said. Secure Boot has little to do with securing the boot process. At least in the sense of the word as most people envision.

The industry push built up around Secure Boot has way more to do with securing their product from running non-vendor approved platforms than anything to do with protecting you individually. Big tech always likes to paint things as though it is for safety when in reality it is almost always about control.

Why is it that some boards allow user management of keys or that users are allowed to "disable secure boot"? Simply because it would be too obvious, and too much too soon. The trend is always towards more control and more centralization and so I think hardware designs over the coming years will only reflect this.

And it is already good enough for powerful players that when the odd user takes up interest in running something other than Windows, they must now first disable the big scary sounding "Secure Boot" before being allowed to proceed. Who wants to make their computer less "secure", right? This also checks the box of making competitors, GNU Linux, BSD and others acquire signed keys, special authorization to be allowed to boot with leaving the anti feature enabled.

Does all of this mean that securing the boot process, as specified through UEFI, have no meritt? Of course not. I just do not buy that this was the primary intention by even a long measure. As mentioned earlier, where users can control their own keys, it can present an opportunity to further harden a device. But a realistic model of the threat must be noted, the boot process represents a very small window of time and those attacking the boot sequence generally need physical hardware access.