On 08/29/2015 04:20 AM, Paul Cartwright wrote:
that may be true, but however I got my fedora installed on this UEFI box is the way I am leaving it.. I am pretty sure I have secure boot turned off. it works, and I go with the KISS method, it works, I'm leaving it alone:)
Secure Boot is an effective mitigation against some features of root kits, and really should be enabled everywhere possible.
Under Secure Boot, the firmware will not load a boot loader if it has been tampered with, which will not load a kernel that has been tampered, which will not load modules that have been tampered. With that chain of protection, it becomes very difficult for a root kit to modify the kernel to fully hide its sockets, processes, and files, which is a common feature of root kits on systems which do not offer such protection.