On Wed, 8 Jul 2020 at 22:19, John M. Harris Jr <johnmh(a)splentity.com> wrote:
This is not something that's beneficial here, it's only
harming our users.
That seems exceedingly myopic to me. I'm guessing you've not been
following the last few years of security research, where attacking the
firmware is now the best way to own a machine. And please don't
lecture me on why BIOS is more secure than UEFI, "compatibility" mode
is implemented *on top of* the UEFI bios these days, rather than as a
completely different software stack.
If you've got root, you can STILL do almost anything to the
hardware,
including disabling various "firmware protection technologies".
I don't think you understand what enabling SecureBoot actually does.
Richard.