I feel like if someone else has had physical access to the computer though secure boot isn’t going to really protect you. It could have a hardware keylogger in it now for all you know. I mean that’s probably unlikely, but is it really that much more unlikely than someone sneakily replacing kernel modules and things instead of just installing user mode malware that secure boot wouldn’t catch?
It’s meant to protect the software, not the hardware. Of course you can still put a hardware keylogger on it.
You’re also only considering the use case of the owner and user being the same person. In a business context, the user and the owner are two different persons. It can be used to ensure the company’s MDM and security software aren’t tampered with, for example if you try to exfiltrate company data. In that situation, even if you have a keylogger, it doesn’t help you much, it still won’t allow you root access on the machine, because the user of the machine doesn’t have root access either.
Same with servers: you don’t even care if the hardware is keylogged, nobody’s ever using the local console anyway. But it’ll tell you if a tech at the datacentre opened the case, and they can’t backdoor the OS during a planned hardware maintenance.
Same with kiosk machines: you can deface the hardware all you want, the machine’s still not gonna let you order a free sandwich. If you buy one off eBay you can bypass secure boot and wipe it and use it, but it won’t let you sneak a USB on it while nobody’s watching and attack the network or anything like that.
But yes, for most consumers it’s a bit less useful and often exploited in anti-consumer ways.
I feel like if someone else has had physical access to the computer though secure boot isn’t going to really protect you. It could have a hardware keylogger in it now for all you know. I mean that’s probably unlikely, but is it really that much more unlikely than someone sneakily replacing kernel modules and things instead of just installing user mode malware that secure boot wouldn’t catch?
It’s meant to protect the software, not the hardware. Of course you can still put a hardware keylogger on it.
You’re also only considering the use case of the owner and user being the same person. In a business context, the user and the owner are two different persons. It can be used to ensure the company’s MDM and security software aren’t tampered with, for example if you try to exfiltrate company data. In that situation, even if you have a keylogger, it doesn’t help you much, it still won’t allow you root access on the machine, because the user of the machine doesn’t have root access either.
Same with servers: you don’t even care if the hardware is keylogged, nobody’s ever using the local console anyway. But it’ll tell you if a tech at the datacentre opened the case, and they can’t backdoor the OS during a planned hardware maintenance.
Same with kiosk machines: you can deface the hardware all you want, the machine’s still not gonna let you order a free sandwich. If you buy one off eBay you can bypass secure boot and wipe it and use it, but it won’t let you sneak a USB on it while nobody’s watching and attack the network or anything like that.
But yes, for most consumers it’s a bit less useful and often exploited in anti-consumer ways.