Well… if you have your own keys (like I do) you have to store them somewhere. That somewhere is probably somewhere on a computer where they are used so you can update the kernel. If you have private keys, you can probably bypass secure boot.
Is there a way to have private keys stored on a nitrokey that has to be plugged in for every kernel update?
We can switch ISP???
I always open settings on every app or website to see what I can change. This gives me feeling like this is something made just for me and I will use it for longer. Except KDE, this has way too many settings.
Thats the important part ;)
Arch, you can fully customize it to your needs, and has access to AUR for more hacking tools.
I like it but it seems they have to crawl a bit more.
I use monero online and cash offline, because no one accepts monero offline.
They are stored behind luks and I think they are readable only by root. But bootkit can probably only infect UEFI from Linux that is running on that machine. And to interact to UEFI you probably have to be root, right?
I’ll look into more options, either store keys on a seperate luks usb key or on a hardware securety key like Nitrokey. For
sbctlthere is already a roadmap feature for hardware security keys, I hope this comes soon :)