ESET researchers discovered 11 vulnerable UEFI shim bootloaders signed by Microsoft that allow attackers to bypass UEFI Secure Boot by exploiting decade-old vulnerabilities.
It’s not flawed at all. But its purpose isn’t actually to secure anything. Its purpose is to complicate the installation of alternative OS and to perpetuate vendor lock in, while sounding like it’s “for your security”. In that regard, it has succeeded.
There is also TPM and Microsoft Pluton, which serve the same purpose.
A very large portion of Microsoft’s efforts are dedicated to this. If they redirected just a bit of their work force to fixing their products, maybe people would actually want to use them, instead of being forced to.
Arch Wiki had pointed out for years that Secure Boot is a flawed mechanism.
It’s not flawed at all. But its purpose isn’t actually to secure anything. Its purpose is to complicate the installation of alternative OS and to perpetuate vendor lock in, while sounding like it’s “for your security”. In that regard, it has succeeded.
There is also TPM and Microsoft Pluton, which serve the same purpose.
A very large portion of Microsoft’s efforts are dedicated to this. If they redirected just a bit of their work force to fixing their products, maybe people would actually want to use them, instead of being forced to.