On 08/29/2015 03:11 PM, Gordon Messmer wrote:
Secure Boot is an effective mitigation against some features of root kits, and really should be enabled everywhere possible.
Under Secure Boot, the firmware will not load a boot loader if it has been tampered with, which will not load a kernel that has been tampered, which will not load modules that have been tampered. With that chain of protection, it becomes very difficult for a root kit to modify the kernel to fully hide its sockets, processes, and files, which is a common feature of root kits on systems which do not offer such protection.
I will try turning on secure-boot next time I reboot, to see if I can boot with it turned on.. define "tampered with".. what if you run grub2-mkconfig.. that tampers with it...