Use UEFI Secure Boot NOW!

แชร์
ฝัง
  • เผยแพร่เมื่อ 24 พ.ย. 2024

ความคิดเห็น • 94

  • @JessicaFEREM
    @JessicaFEREM ปีที่แล้ว +30

    I think that secure boot is cool but it sucks that it's a pain to set up if you're using Linux unless your distro specifically supports it

    • @IamLeoRibeiro
      @IamLeoRibeiro 2 หลายเดือนก่อน

      @@JessicaFEREM do you know if can I run mint with secure boot enable? Or it will always crash on inicialization?

  • @Ether_Void
    @Ether_Void ปีที่แล้ว +21

    There are a few things I don't like about Secure Boot.
    For people that use/need hibernation support, that is gone with secure boot. There are patches to use a TPM to sign the image but it will be a pain.
    Microsoft basically owns the entire Secure Boot space, even the Shim loader has to be signed by Microsoft. (Although I think some UEFI installations allow you to remove factory keys)
    But the biggest issue is probably that it's benefits are questionable. The Shim loads a OS that is signed by a user installed key (MOK). The key can be installed via a command from the OS, so there is actually not much from stopping malware from adding the attackers key to the MOK storage region (since the OS can install a mok, the storage region is not locked down). Afaik this was already done by the BlackLotus bootkit where part of it's installation process involved adding the attackers MOK to NvRam so that the shim would load that Bootkit.
    It should also be mentioned that UEFI doesn't really authenticate hardware, there are also a ton of other things like Measured boot via a TPM which doesn't really have much to do with Secure Boot. The Hardware/Firmware image authentication is usually done by things like Intels Boot Guard which is a another layer down, preventing the CPU from initializing if the firmware itself isn't signed. This is actually bad in my opinion because it prevents users from installing open source firmware like coreboot or edk2 based firmware. There is currently no solution to run open source firmware if Boot Guard is enabled which is why manufacturers like System76, StarLabs, Purism don't use it.

    • @nou712
      @nou712 10 หลายเดือนก่อน +3

      The only thing Secure Boot stops is a slightly above average script kiddie / bot, so i suppose secureboot is just about statistically minimizing risks. I saw a video recently with a guy plugging a windows 2000 computer to the internet directly without a NAT in between, and within a few minutes it got a crypto miner or something onto it through the deep blue exploit.

  • @markusTegelane
    @markusTegelane ปีที่แล้ว +5

    I enabled secure boot on my system. It's a dual boot of Windows 11 and KDE Neon, both work with secure boot, altough I did have to run 'dpkg-reconfigure nvidia-dkms', because I have an Nvidia GPU. Then I could reboot and enroll the key for it, so that the nvidia driver would boot successfully. I also had to enroll a key for HackBGRT, because I modified the Windows boot logo.

  • @grogroge
    @grogroge ปีที่แล้ว +8

    Secure boot is great but what are the chance you get infected with a rootkit

  • @terminallyonline5296
    @terminallyonline5296 ปีที่แล้ว +12

    Could we see a tutorial of how to enable Secure Boot with Arch Linux?

    • @markusTegelane
      @markusTegelane ปีที่แล้ว +3

      get ready to enroll those MOKs

    • @terminallyonline5296
      @terminallyonline5296 ปีที่แล้ว +4

      @@Proferk I did, not clear enough on the Arch Wiki. RTFM only works if the manual is helpful enough to the end user.

  • @filipefigueiredo8271
    @filipefigueiredo8271 ปีที่แล้ว +7

    I just wanted to say that Secure boot has been mandatory on all my laptops for the past 2 years, secure boot + a password to your bios = good luck on doing whatever on my laptop if you steal it
    I use Arch btw

    • @Akab
      @Akab ปีที่แล้ว +5

      Yep I also do that, but don't be that guy that leaves the bios password in when reselling the device (happened too often) 😅

    • @xCwieCHRISx
      @xCwieCHRISx ปีที่แล้ว +1

      @@Akab cant you just reset the bios via cmos clear?

    • @avetruetocaesar3463
      @avetruetocaesar3463 10 หลายเดือนก่อน

      @@xCwieCHRISx Some manufacturers like HP make it so that, unless the BIOS controller is replaced, BIOS remains password locked. CMOS flushing or battery replacement won't reset the master password. In my case, it's Insyde, but I'm sure others can also be locked down. It's mostly to do with the systems integrator's laziness, indifference and lack of attention or some combination thereof.

  • @ubemvuossas665
    @ubemvuossas665 ปีที่แล้ว +9

    Secure boot is a headache because I couldn't get arch installed with it enabled (wouldn't even boot from usb) the reason? idk but disabling secure boot fixed it, I also don't have tpm 2, not even in software mode because my mb just doesn't have it, while they are meant as security measures they're most of the time just an awful waste of time (either you work by default or be opt in), the best security measure is not being a dumbass on the internet. I recommend disabling secure boot because unlike your video says it's still a problem to this day if you're not using windows and some distros (most that aren't ubuntu and fedora) require manual implementation from the user.

  • @IdAefixBE
    @IdAefixBE ปีที่แล้ว +15

    You have some good points but I think you (vastly) overestimate Secure Boot's actual efficiency, and understimate how easy it is to bypass.
    Realistically, considering I will myself make a lot of modifiications to my boot code and how trivial the process of enrolling new keys is anyway, I can't see Secure Boot reducing my attack surface enough to justify the pain of managing it in a responsible way. Especially since your solution is to advice people to force-inject the signature everytime you need to, which would eventually lead the unaware user to validating malicious code himself anyway just to get their computer to boot.
    At least you need to explain that signing your own kernel builds without proper and educated review of the modifications made totally undermines its point, before leaving people to tinker with a wrongful feeling of security ^^"

    • @ReflexVE
      @ReflexVE ปีที่แล้ว +6

      Defense in depth isn't about every barrier being perfect, but instead having many different hurdles an attacker needs to bypass to reach your most important data or completely take control of the device. Secure Boot certainly isn't perfect, but it's one of your stronger defenses and an attacker must have a vuln ready for it to get very far into your system. Chances of that alongside necessary vuln for other barriers is vastly reduced.

  • @leeh.1900
    @leeh.1900 ปีที่แล้ว +5

    Hey Trafotin...what are your thoughts on the recent changes to the RedHat universe? Think we can trust RHEL/IBM to keep putting out a good Fedora DE??

    • @ReflexVE
      @ReflexVE ปีที่แล้ว +5

      Fedora is upstream from RHEL, the decision made by Red Hat does not impact Fedora since RHEL is downstream from it.

  • @9SMTM6
    @9SMTM6 ปีที่แล้ว +14

    I will say this. Setting up Secureboot can be a nightmare.
    I have setup Fedora + Nvidia proprietary drivers + secureboot in the past, and at least at that point, the process with mokutils etc wasn't documented properly at all. I had to stitch together a few guides for much older Fedora versions and other guides to make it work.
    These days I've got a Framework laptop with an Archbased distro, and I can just use 'sbctl' to manage secureboot. Its SO MUCH EASIER than mokutil was. Just not sure if this would work on any Laptop. I think this goes into what you were talking about. The framework as great Linux Support, and it's UEFI supports setting the platform keys (? Or one of these, the one that has Microsoft keys by default).
    But still that setup, while at least nicely documented, wasn't without issues. I set this up with other stuff, and then realized that my docking station and ethernet adapter were not working. Turns out you better install the Microsoft keys too if you want support of much of these things, after I did that on a hunch, they suddenly started working again.

    • @Trafotin
      @Trafotin  ปีที่แล้ว +10

      If you dual boot on one drive (like a laptop), I have read about this. I refuse to dual boot on one drive out of paranoia Microsoft bricks grub.

    • @9SMTM6
      @9SMTM6 ปีที่แล้ว +2

      @@Trafotin if you mean the enrolling of MS Keys on Archbased to support Hardware, nah, that's not a dualboot system.
      Fedora was.
      But the setup I've done with sbctl REPLACES some keys that are installed by default. So on my Laptop I don't need to use a tool that MS deigned to sign, I can sign stuff myself. But if I do that I have to add back support for MS Keys, otherwise some stuff doesn't work. Not ENTIRELY sure why, perhaps they are actually signed with certs from Ms, tho that doesn't really make sense to me.
      It's also been a while since I've set it up, so I don't really remember. Security stuff like these is sadly complex by nature, and since I hate it I don't do it on a daily basis and forget about it after I have not done it for some time, I just remember the red flags.

    • @orbital1337
      @orbital1337 ปีที่แล้ว +1

      @@9SMTM6 If you install the keys without the microsoft keys, you can actually brick your system. Hardware components can run their own code during boot to start up properly and this code also has to be signed. You got lucky that it was only non-essential parts of your system that stopped working - there are reports of people being unable to boot entirely.
      The fact that users cannot easily change the keys used by secure boot is why it is such a fatally flawed technology. There are bootloaders with publicly known vulnerabilities that are signed with the Microsoft keys. This allows attackers to bypass secure boot entirely.

    • @9SMTM6
      @9SMTM6 ปีที่แล้ว

      @@orbital1337 oh I knew that was safe, based on documentation from Framework.
      The situation you're referring to was why I didn't add the MS Keys at first. I was unaware that even plug and play hardware would need them.

    • @IdAefixBE
      @IdAefixBE ปีที่แล้ว +2

      The real question is : is using Secure Boot relevant in any way if you basically enroll anything to it ?
      I believe the real attack vector is somewhere else, and if your provider or process for installing and updating kernel/firmwares is compromised, using tools to forcefully sign them will render Secure Boot useless in the real world. It's like using a firewall but allowing it to make exceptions everytime you're asked without further review...
      Secure Boot has a point for Windows or machines running some LTS Linux, if you're down to the point of regularly using tools to force it to run your builds without a deep understanding of the modifications you've made, it's got nothing for you really.

  • @ZAlexratul
    @ZAlexratul 11 หลายเดือนก่อน +1

    Hey thanks for the contribution! That's something that i really wanted to do for my Linux. And after some study of the scripts. Which is the execution order for the scripts? Because I can't find it on the GitLab repo. Thanks.

    • @Trafotin
      @Trafotin  11 หลายเดือนก่อน +1

      If you go to my GitLab in the description, you run nvidia-fedora-keygen, you will prompted to create a one-time password. Then reboot, you will be prompted to enter your password and trust your key. Then afterwards, boot in and install the Nvidia drivers as normal with nvidia-fedora-current.
      EDIT: .sh is a TLD, so removed the extension.

  • @4sat564
    @4sat564 ปีที่แล้ว +16

    Understood. The channel is backed by Microsoft

    • @JakeSwett
      @JakeSwett ปีที่แล้ว +4

      😂

    • @Trafotin
      @Trafotin  ปีที่แล้ว +12

      Yeah, they love my Panos Panay fan videos. 😂

  • @Gengingen
    @Gengingen 10 หลายเดือนก่อน

    Great job! Thank you!

  • @alexgghlebg5375
    @alexgghlebg5375 ปีที่แล้ว

    As a archlinux user, secure boot is a bit hard 1 of 2 reboot or shutdown it possible that your system don't boot at all with a great led on while boot on my motherboard.
    so yes i want to know how it possible to add mok key to bios for every OS that i use on my computer depend on my need it's really annoying because i use esxi vmware for server case, archlinux for more day to day workload and finally an tailOS to do some osint stuff and forensics and also truenas to move like 1Tb of data oven networking while keep a great speed.
    one general script that work for all could be good in my case as this 3 OS work completly diffetrent even in their file system and syscall.

  • @youtube.user.1234
    @youtube.user.1234 ปีที่แล้ว

    I dual boot windows 11 and Fedora 37 (I haven’t upgraded to 38 yet). On Fedora I haven’t installed any extra drivers (for WiFi). So can I turn on Secure Boot and expect no issues?

  • @ReflexVE
    @ReflexVE ปีที่แล้ว +2

    Thank you for this video. I've struggled to get Linux users to understand why secure boot is important and that distros that say to disable it are unsafe.

    • @ReflexVE
      @ReflexVE ปีที่แล้ว +2

      @dreaper5813 The downside, as mentioned in the video, is significantly reduced baseline security and the potential to get your motherboard rooted in an unrecoverable way. That said, yes a lot of people seem to enjoy playing Russian roulette with their computers...

    • @ReflexVE
      @ReflexVE ปีที่แล้ว +3

      @dreaper5813 Secure boot protects against device rooting both local and remote. You are demonstrating why so many Linux users are ignorant of security however. Linux is not secure by default. Many distros ship with the firewall switched off. Most users insist on installing apps via a package manager with root permissions vs flatpak/snap/appimage. There is little consideration of supply chain attacks and users willfully downgrade their security as you mention here. The non server Linux user base is a very ripe target, unfortunately.

    • @ReflexVE
      @ReflexVE ปีที่แล้ว

      @@Lu-Die-MilchQ Again,layered security is important to protect against bugs and mistakes. Humans make mistakes, no operating system should have a security posture that assumes developers and packagers are perfect.

  • @rac06oon
    @rac06oon 10 วันที่ผ่านมา

    ok so I'm a bit confused... unfortunately with the windows end of life I moved to linux more specifically to fedora jam because I make music also. but in comparison with lets say linux mint 22. in fedora's device and firmware security both boxes are red/failed and again unfortunately my system is old GIGABYTE 78LMT-USB 3.0 for motherboard and amd fx6300 for CPU. An investment for a new machine is out of the table because I just can't afford it. 😔

    • @Trafotin
      @Trafotin  3 วันที่ผ่านมา +1

      Older versions of UEFI or EFI don't support Secure Boot properly. There have also been incidents where keys in older machines were compromised by bad actors. Sorry about the money situation.

    • @rac06oon
      @rac06oon 3 วันที่ผ่านมา

      @Trafotin Hello !!! can you please explain to me more simple what it means keys where compromised?

    • @rac06oon
      @rac06oon 2 วันที่ผ่านมา

      ​@@Trafotin should I be worried in long term as far I run fedora jam 41 on bios mode with that you said about keys where compromised on older systems?

    • @Trafotin
      @Trafotin  2 วันที่ผ่านมา +1

      @@rac06oon If you are concerned with physical attacks maybe, but I think your money problems are more pressing.

    • @rac06oon
      @rac06oon 2 วันที่ผ่านมา

      @@Trafotin well it's about 95 to 100% impossible for someone with bad intentions to come physically in my home and attack my pc. So for now I think I'm good. For sure also if I mnage to get some money then I'll gonna invest on a prebuild linux machine .

  • @stephenanthony5923
    @stephenanthony5923 ปีที่แล้ว +4

    This is a really important vid for Linux newcomers like myself. Thank you. How well does Debian handle self-signed secure boot keys? Ubuntu sounds like the convenient option

  • @Sam-iy1kv
    @Sam-iy1kv ปีที่แล้ว +1

    If turned on, I cannot install debian, so I turned it off

  • @omiorahman6283
    @omiorahman6283 ปีที่แล้ว

    Secure boot doesn’t run with arch based os but ubuntu can run with secure boot

  • @clehaxze
    @clehaxze ปีที่แล้ว

    Hell no, Arch, most Linux distros and the BSDs does not come with secure boot enabled by default or supported at all.

  • @celdepescaun39
    @celdepescaun39 ปีที่แล้ว +3

    Mostly I did not understand anything , only a little bit on the last part of your video... So , generally is good to have UEFI and Secure Boot enabled, this I understood. Regarding UEFI this I think is depending on your hardware. If you have an old laptop/PC , you don't have UEFI and Secure Boot .... If it is newer hardware , is good to have CSM option in BIOS disabled and Secure Boot enabled. If you install only Windows 10/11 on your computer, ENABLE ! Secure Boot and DISABLE ! CSM on BIOS. Then install Windows and .... finish with / can forget about Secure Boot ... The problems appear when you DUAL BOOT , Windows 10 and Linux on an UEFI with Secure Boot ENABLED ! computer , and on the same SSD / HDD ( Windows 10 + Q4OS Linux my case ...) Maybe you can do some videos in this regard .... on a REAL computer, not on a VM ..... I like your "hmmm"-s after a sentence .... Kind of original 🙂

  • @Skyman12808
    @Skyman12808 ปีที่แล้ว +1

    Great job yet again Mr Matt but what Game Emulators do you use on your Linux Pcs Hope you can make a video about them sometime in the future

  • @KainiaKaria
    @KainiaKaria ปีที่แล้ว

    I have been using secure boot with Garuda Linux and I have had no issues.

  • @10leej
    @10leej ปีที่แล้ว

    I also enable TPM as well.

  • @Uchiha_Madara1224
    @Uchiha_Madara1224 ปีที่แล้ว

    Hey Trafotin will be making a short video of your recent live video " fedora silverblue and distrobox"

  • @RandomGeometryDashStuff
    @RandomGeometryDashStuff ปีที่แล้ว +3

    I use MBR boot (no uefi and no efi) if possible.

  • @AKABeestYT
    @AKABeestYT ปีที่แล้ว

    You had some pretty crazy opinions but I don't remember what they were. I did subscribe because you made pretty good videos though.

  • @dakata2416
    @dakata2416 ปีที่แล้ว +7

    Microsoft shill 🤓🤓

  • @ceskyvaclav
    @ceskyvaclav ปีที่แล้ว

    I like how you are making that "villager noise" after sentence.. cute.. anyways I struggle making secure boot to work after I modified my vbios on my amd card *sadge*

  • @Light13378
    @Light13378 9 หลายเดือนก่อน

    Hello, thank for your video you gain a new subscriber and do you know how do add secure boot for kali and parrot Linux I need them but i need to disable secure boot so is there to add for kali and parrot Linux?

    • @Trafotin
      @Trafotin  9 หลายเดือนก่อน +1

      I don't know, but will point out Debian does not enroll a secure boot key, so those distros might inherit that behavior. You shouldn't use penetration testing distros as your main operating system, but they are fine as tools.

    • @Light13378
      @Light13378 9 หลายเดือนก่อน

      @@Trafotin So it is okay to use dual boot for parrot Linux as a penetration when I needed and use Windows as a daily use let me know

    • @a-c1081
      @a-c1081 4 หลายเดือนก่อน +1

      ​@@Light13378 why do you have parrot/kali installed on bare hardware?

    • @Light13378
      @Light13378 4 หลายเดือนก่อน

      @@a-c1081 Because I want to explore cyber security

  • @chekwob
    @chekwob 9 หลายเดือนก่อน +2

    People are told to disable secure boot because secure boot is simply an annoying obstacle to work around. The security benefits are slim to none on a system that isn't completely locked down like these freakish modern windows kernels are.

    • @Trafotin
      @Trafotin  9 หลายเดือนก่อน +1

      The point engineers from Canonical and Red Hat are making is Secure Boot isn't taking away control or locking away things. Secure Boot is fully controllable by the open firmware systems like TianoCore and coreboot. There are still problems, but the problems right now is Linux doesn't do a good job at securing boot processes. There's a talk from Matthew Garrett at Linux Conf AU from a few years back that's a great explainer in the description.

    • @chekwob
      @chekwob 9 หลายเดือนก่อน +2

      @@Trafotin That talk explains exactly why secure boot is so useless, and in the talk he suggests just going in and turning it off. He even laments that it will be difficult to make a clear guide for naive users to instruct them on how to turn off secure boot because the settings interfaces are likely to be wildly inconsistent between different firmware vendors.
      Linux will never really do a "good" job at "securing boot processes" as you put it, because this is not very useful. If I can't sign my own kernel and modules, then the system is locked down (anti-user, user-subjugating). But if I can sign them, as you show an example of in your video, then the secure boot scheme is undermined because malware can just sign its rootkit using the same process. Also, other parts of "securing" the kernel involve locking out various otherwise useful interfaces like kmem, so it's a very limiting experience.
      Secure boot is really designed just for corporate systems where there's a central authority (IT department), or for windows systems where there's a central self-appointed god emperor (Microsoft) enacting its will upon its subjects.

  • @subnumeric
    @subnumeric ปีที่แล้ว

    Thanks

  • @domanzana
    @domanzana ปีที่แล้ว +2

    WTF is "Thrid-party operating systems like Linux" xddd like why microsoft's bullshit should be the "first party"

  • @tbui-im8gp
    @tbui-im8gp ปีที่แล้ว

    Great info! But hackers can hack into my computer if they really want to. I make sure that I don't have anything SUPER important or SUPER private. So hack away..I think they will get bored very soon. Or maybe not..they might find some of my downloaded movies entertaining. No system is hack proof. Hope that you don't get hacked. But if you assume that you will get hacked, then you should keep the important stuff offline and off the internet.

  • @squidtito8501
    @squidtito8501 ปีที่แล้ว +2

    No

  • @Matt2010
    @Matt2010 6 หลายเดือนก่อน +1

    Not if you use Linux, secure boot can and will cause problems. Better way just update BIOS and have at least setup if not admin password for uefi/BIOS.

    • @Trafotin
      @Trafotin  6 หลายเดือนก่อน +1

      You could just do both... installing the generic Microsoft key using mokutil is a thing.

    • @EdnovStormbrewer
      @EdnovStormbrewer 5 หลายเดือนก่อน

      @@Trafotin That's if you're ever able to boot into the Operating System in which many have had problems booting into the OS with secure boot enabled. It's useless

  • @gtPacheko
    @gtPacheko ปีที่แล้ว

    My WiFi driver doesn't work with secure boot, so there's not much I can do.

    • @Trafotin
      @Trafotin  ปีที่แล้ว +1

      That's not how that works...

    • @gtPacheko
      @gtPacheko ปีที่แล้ว

      @@Trafotin explain

  • @society5204
    @society5204 ปีที่แล้ว +5

    It makes sense in one way but its also a lame solution in another. It's good if you use a normie operating system where its just a product and what you get is what you get. But making it so i have to do stupid script bs in order to install third party kernel stuff or even modify my own kernels is stupid.
    This is a constant game of manufacturers trying to add encryption to every process of computing. Its defence by locking everything down. In a way its kind of lazy. This is why Apple are "ahead" in this space. Their philosophy is to lock down their devices as much as possible. So much of this security shit is smokescreen for taking power away from the user.

    • @flintfrommother3gaming
      @flintfrommother3gaming ปีที่แล้ว +2

      Virtually create problems, find virtual fixes to lock down the user. (TPM)

  • @dj-no
    @dj-no ปีที่แล้ว

    Nightmare nightmare nightmare

  • @kvelez
    @kvelez ปีที่แล้ว

    Good video.

  • @bigjoegamer
    @bigjoegamer ปีที่แล้ว

    Good video. Why are Linux and Windows so far behind Mac and mobile devices? How could Linux and Windows improve so that they are not so far behind Mac and mobile devices?

    • @Trafotin
      @Trafotin  ปีที่แล้ว +4

      Apple has more complete verified boot from their mobile platform and control over their hardware, which you can read about if you read their security whitepaper. Windows 11 has verified boot too, but it relies too much on TPM and Linux has to play catch up. The guy I showed talking is Matthew Garrett of Red Hat and has a bunch of talks on TH-cam.

  • @erickanter
    @erickanter 3 หลายเดือนก่อน

    Well this aged bad. As of now secure boot is broken on a huge number of pc's

    • @Trafotin
      @Trafotin  3 หลายเดือนก่อน +1

      Not a secure boot problem. That was largely OEMs who stopped updating lots of motherboards. The more critical concern was the motherboards in server racks.
      Do not spread FUD. Secure boot is a necessary part of computing. It's the default on Windows, Ubuntu, and Fedora.

    • @chekwob
      @chekwob 2 หลายเดือนก่อน

      @@Trafotin Secure boot is absolutely not a necessary part of computing, this a ridiculous notion. Computing has been around for many decades prior to secure boot and anything like it.

    • @alexcerzea
      @alexcerzea หลายเดือนก่อน

      @@chekwob humans lived thousands of years without houses living in caves, are we still doing it now?

    • @chekwob
      @chekwob หลายเดือนก่อน

      @@alexcerzea Yes. Many people are without any house or equivalent, yet they partake in "living".

  • @EdnovStormbrewer
    @EdnovStormbrewer 5 หลายเดือนก่อน

    This TH-cam video could never be more wrong. Windows has been shown numerous times to have countless more vulnerabilities than Linux despite having secure boot enabled making it the most useless piece of security device on your system. If signing your drivers using boot keys is the only way to get your gpu to work, then all that takes is malware to go inside and replicate that making that entire concept useless. It's all about practicing hygiene when surfing the web and not trusting corporations to do everything for us. And yes I mean not entrusting Microsoft to automatically install updates. But if we don't do that, they block admin privileges because "it's for your own safety." It is merely just to get out of responsibility while trying to control how we operate our devices. Not only that, people that don't have TPM enabled have reported performance improvements and less headaches when installing distros. Telling Linux users that secure boot have security benefits is like telling others that spaghetti can cure cancer. There's always going to be that one person to fall for it. But in the end, it's just snake oil.
    Btw If Linux is playing catch up, why are people switching to it from Windows?

    • @Trafotin
      @Trafotin  5 หลายเดือนก่อน +1

      Because freedom and security are not the same thing. We need secure boot and TPM and the major Linux distros and developers are adopting it as well.

  • @MominSaadKhan
    @MominSaadKhan ปีที่แล้ว

    Garuda Linux does not have secure boot

  • @Skyman12808
    @Skyman12808 ปีที่แล้ว +1

    Great job yet again Mr Matt but what Game Emulators do you use on your Linux Pcs Hope you can make a video about them sometime in the future

    • @Akab
      @Akab ปีที่แล้ว +2

      Almost all popular emulators distribute a linux version as well, but I'd like to see what he recommends as well😁👍

    • @Skyman12808
      @Skyman12808 ปีที่แล้ว

      @@Akab Thanks but we have to wait and see Which Emulators he uses