@stacksmashing And the cool part of it: It's systemically unfixable!

Note: If #Microsoft doesn't even bother trying to use #BitLocker and #TPM to #CensorBoot the #XboxOne, we can safely assume it wasn't secure to begin with!

https://www.youtube.com/watch?v=U7VwtOrwceo

Remember: All Cryptogeaphy that violates #KerckhoffsPrinciple is inherently insecure and untrustworthy!

@stacksmashing and that is why #CensorBoot and #BitLocker are #Govware #garbage noone should use!

#SefureBoot #Windows #ITsec #EpicFail

@fuchsiii @lunch @nixCraft

Also the problem is that this is not only an arbitrary decision but also that people will just suck up that shit by Microsoft whilst also refusing to even consider alternatives.

Not to mention #CensorBoot is still bad per concept!
https://mstdn.social/@kkarhan/111628362489473904

@fuchsiii @nixCraft

Also #Microsoft is criminally incompetent in handling their #CensorBoot #Keys, so #GoldenKeyBoot killed that whole security as unpatchably broken!

https://www.tomshardware.com/news/windows-secure-boot-golden-key,32450.html
https://www.reddit.com/r/netsec/comments/4wybax/writeup_of_secure_boot_bypass_which_i_dub_secure/
https://www.extremetech.com/internet/233400-microsoft-leaks-secure-boot-credentials-demonstrates-why-backdoor-golden-keys-cant-work
https://www.xda-developers.com/microsofts-debug-mode-flaw-and-golden-key-leak-allows-disabling-of-secure-boot/
https://gist.github.com/acepace/df34b5213f1e0fae6529eb703d947187
https://openrt.gitbook.io/open-surfacert/common/boot-sequence/uefi/secure-boot

@fuchsiii @nixCraft

Not to mention that #CensorBoot aka. "#SecureBoot" is insecure by #Microsoft's own admission, so all it achieves is #PowerAbuse by putting in another extra step to make #Linux work that has nothing to do with #Security and entirely with pissing off users.

https://www.youtube.com/watch?v=U7VwtOrwceo&t=739s

@fuchsiii @nixCraft and this why we have #ClimateChange:
https://www.youtube.com/watch?v=tuFQbiIVUkw&t=689s

Because #GAFAMs like #Microsoft decide crap like #CensorBoot is so important they'd have to go out of their way to generate so many metric tons of 100% avoidable #eWaste, it makes replacing all household & office electrical outlets in the #EU with #IEC60806_1 sockets look like an envoirmentally friendly decision…
Spoiler: They canned it due to generating equal amounts of #eWaste (700.000t)!
https://en.wikipedia.org/wiki/IEC_60906-1#Possibility_of_acceptance_in_European_Union

@ljrk @lexd0g and no, #PGP fixes the #trust issue to one only needing to trust one person at a time and not some corporation to be a front for some cybercriminals and OS/Browser vendors to do their due diligence...

Call me paranoid but I only trust people, not orgs or corporations!

Because Trust depends on mutuality!

I mean, look at the solutionism that got us #CensorBoot..
https://www.youtube.com/watch?v=s7WDbnHlc1E

https://todon.eu/@ljrk/111542169817238916

@ainmosni @Linux_Is_Best

Yeah but that's just minimally less bad than going full #heads as aftermarket #firmware and requiring all executeables to be signed by the device owners' personal PGP keys...

Also I'd not trust a #blackbox like a #TPM as it violates #KerckhoffsPrinciple and thus must be considered cryptographically shit.

IMHO #TPMs and #Windows11 only act as #CensorBoot...

https://www.youtube.com/watch?v=s7WDbnHlc1E