3·
3 days agoThat joke’s so funny, it’s making me a bit wheezy…
data1701d (He/Him)
“Life forms. You precious little lifeforms. You tiny little lifeforms. Where are you?”
- Lt. Cmdr Data, Star Trek: Generations
- 0 Posts
- 6 Comments
Joined 2 years ago
Cake day: March 7th, 2024
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
Didn’t Debian drop i386? Are you running Debian Bookworm?
Personally, Super Star Trek is my favorite terminal game.
MIPS I get, but armel feels a little weird; I’d wager there’s more production users of Debian on armel than RV64 - not a huge use case, but one that merits a bit more consideration.
I think ~2030 would have been a more realistic date, since most of the last devices with ARMv6 would be about 20 years old by then.
That’s precisely why secure boot and TPMs exist - the TPM can store the keys to decrypt the drives and won’t give them unless the signed shim executable can be verified; the shim executable then checks the kernel images, options, and DKMS drivers’ signatures as well. If the boot partition has been tampered with, the drive won’t decrypt except by manual override.
The big problem is Microsoft controls the main secure boot certificate authority, rather than a standards body. This means that either a bad actor stealing the key or Microsoft itself could use a signed malicious binary used to exploit systems.
Still, it’s at least useful against petty theft.
TPM sniffing attacks seem possible, but it looks like the kernel uses parameter and session encryption by default to mitigate that: https://docs.kernel.org/security/tpm/tpm-security.html