I only use Fedora, so I don't know why I need to install KEK. Is it fine to disable Secure Boot or do I really need Microsoft KEK?
You can disable Secure Boot if you want, just know that you open up a route for malware (which Linux does have, don't do the whole LARP, hundreds of compromised packages are found daily) to infect your bootloader.
>>106576205 before you do this, consider backing up your BitLocker key if you still have a Windows partition on your machine and it's encrypted. It might cause issues later.
>>106576224 secure boot is not going to magically protect you from malware, you obsessed baiting securitytroon.
Disable it, the risk of updates breaking your Linux boot is not worth it.
>>106576224 That hypothetical malware can either sign itself with the key you use for OS updates or whitelist itself if you're using the EFI shim.
>>106576256 It protects your bootloader by only allowing properly signed code with a verified certificate to run, I never said it protected from all malware. Maybe you should spend some rupees on Duolingo Premium, Rajeesh.
>>106576264
>That hypothetical malware
You mean the malware that exists? That malware? Such as BootHole and Bootkitty?
> whitelist itself if you're using the EFI shim.
Then you shouldn't be using the shim and you should instead be using your own MOK or importing the relevant distros' certificate into your EFI store.
>>106576265
>Just enable this user-hostile feature because you have 0.3% chance of getting infected with some super sophisticated malware
Let me guess, you will also say that I will get magic internet aids by using older Windows versions, securitytroon?
>>106576364
>obsessed with trannies award
maybe you should troon out yourself, you seem obsessed with it. Keep inventing arguments and attacking those instead of actually using evidence so I can keep laughing.
>>106576364 bro just turn it on it's good for you and all of us
>>106576298
>implying the malware can't find your MOK
>>106576298
>using bootkits as an argument in discussion about safety of regular people and their computers.
securitytroons are something different.
>>106576390 And the worst they could do is sign a kernel driver with it, which is much less of an issue than compromising the entire bootloader process, which they cannot do with Secure Boot enabled. UEFI still stores the trusted certificates and an attacker can't tamper with this except with physical access. The situation you are trying to invent is a full boot process compromise which is a much bigger problem that is harder to resolve than a malicious init hook.
>>106576448
>bootkits aren't relevant because uhhh... they just aren't! No normal person has ever had a bootkit ever!
keep coping.
jerk off to your obsession (trannies), you might feel better.
The only argument against having Secure Boot for the "regular people" enabled is laziness
>>106576462 wrong website, 14 year old bolivian shartypedo. Go back.
I never really thought about this, but who's the root CA for the BIOS? The motherboard manufacturer? The NSA?
>>106576205 Sure, if you don't mind being INSECURE! (it's dangerous)
>>106576472 The sharty aren't pedos, just spergy autists.
>>106576643
>>106576635
>>106576623
MOPS: 0 DOLLARS
JANITOR UNIFORM: 0 DOLLARS
PAYCHECK: 0 DOLLARS
SWEEP IT UP ALREADY!
>>106576689
>my stupid copypasta that is unfunny and retarded
>>106576205 TOP KEK
>>106576537
>Root CA
Microsoft normally for Secure Boot, though there are AMI/Insyde etc certs too
>>106576205 ...why does Microsoft want to install that on our computers?