Another reason to install Linux and be done with this shit.
I recommend starting with Fedora KDE, and delving to anything else later…
I’ve never trusted full disk encryption because I understand the person most likely to get locked out of my data is me.
I can see the use case for laptops, but my security policy is “if you have physical access, you win”.
At best a virtual rncrypted disk on the unencrypted drive.
If you (not you OP) are doing that secretive work, maybe you shouldnt do that on this OS and instead on Tails or other temporary distrosSame. I encrypt my laptop disks, but I never bothered with the home machines.
yes, and then i forget the encryption password as i don’t use the laptops that much these days and now have it written on the lid
kidding :) or am I :(
well i suppose it depends on how deep your personal security goes. are your passwords stored on your device? are they stored securely? do you have a password manager? do you have a standalone app for your password manager and not a browser extension? is the master password for your password manager stored on any of your devices? do you have any settings that automatically locks your PC upon inactivity? is the pin for your PC related to you personally in any way? i get what you’re saying because at the end of the day physical access IS pretty hard to mitigate. but you’d be surprised how far simple steps can take you.
“I can’t use Linux windows just works”,
Anyone who says that is not using veracrypt.
I’m not sure what the problem is. His account is locked, but it’s not like he can’t still sign code and distribute it even if that means using a new account.
Edit: other articles point out that his company failed certification, and he’s not been able to reach support to find out why.
The answer to your question was in the article;
Because Microsoft requires developer accounts like his to re-verify the security of their software, Idrassi said that many devices running VeraCrypt will soon be unable to boot if the issue is not resolved.
And this why Secure Boot can’t be trusted. It is Micro$lop that signs and issues the keys.
Secure Boot has nothing to do with Microsoft, it’s a UEFI feature.
You can enroll your own Platform Key and have complete control over the entire Secure Boot system.
https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot
I use a signed Unified Kernel Image to use Secure Boot and my machine has zero Microsoft software on it. (Arch, btw)
wasn’t there some dumb shit like every linux distro using fedora keys which were from microsoft?
Microsoft signs Red Hat certs then Red Hat signs everyone’s certs, so the only thing Microsoft can do is to revoke Linux as a whole.
It’s the solution that requires minimal user effort since most computers are designed for Windows.
And MS probably won’t do it willy-nilly because their stack is peobably using it to some degree and many more of those Fortune-X00 are very likely something RHEL. So fucking that over will crash their stock like it did with CrowdStrike but much much worse.
not only likely… i read somewhere that make more money with linux stuff on azure than with anything else they do can’t find the source rn tho
I think it is just chain of trust. Many used Microslop as the trust authority (may be due to convenience? I have no idea). Debian has a nice page on Secure boot and how it works.
You can use custom keys with secure boot. Any PC newer than 2015 should give you that option.
You don’t have to use Microsoft’s keys.
This isn’t a secure boot issue. This is a bootloader issue.
In Idrassi’s case, he said he is able to push new updates to Linux and macOS users unhindered, but the majority of his users that run Windows cannot currently receive updates.
So, no problem then.
Linux already has LUKS and dm-crypt, so VeraCrypt isn’t really necessary.
It is if you want to move drive between windows and Linux machines
Unless you want multiiplatform.
