Hacker News new | past | comments | ask | show | jobs | submit login

Maybe some of this is legitimate, but the user being able to install their own firmware is not a security vulnerability. Yesterday I had to download a large ISO for a friend instead of using the Linux.efi file I use on my laptop because their's was made "secure" by Microsoft.



> the user being able to install their own firmware is not a security vulnerability.

That's actually a feature. I consider this a fundamental right I demand on most equipment I buy.

I have no issues with UEFI secureboot as long as it can be disabled and/or put under the users control.

If not, that's strictly a vendor issue and best solved by not buying stuff from that vendor.


I don't think it would have been a big problem if you are allowed to put your own secureboot public key.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: