On Friday 10 July 2020 at 07:12 -0400, Przemek Klosowski via devel
wrote:
> My point is that however the updates are being produced, they need a
> secure remote update method. It's not realistic to expect end users
> to be in the loop
If you remove end users from the loop there is zero zip nada need for
secure boot in the first place. The sole function of secure boot and
DRPM is to prevent end users, present in the update loop, from doing
things the manufacturer disagrees with.
A system that auto consults a remote update point, over https,
checking the certificate of this remote point, has zero need for secure
boot.
--
Nicolas Mailhot