It seems like there's been a massive push to get everyone to enable this recently. Can someone redpill me on the privacy implications of this?

It's more secure cause you can be sure no one modified your bootloader or kernel.

it stops you from running programs your jewish slave masters don't want you to run

It's been a security standard for quite some time

What the fuck do you mean by "recently"?

>>106173044 (OP)
Javelin made me enable this so I did and it fucked my motherboard. Googling it later, it’s a known issue. Thanks Gigabyte.

>>106173044 (OP)
it's a prerequisite to creating a "trusted mode" for PCs
soon you won't be able to do anything meaningful online (like a rooted android phone) without secure boot and TPM

It's on by default for all prebuilts since last decade. It prevents malware from loading during the boot process because all malware is unsigned or masquerading.

>>106173132
>because all malware is unsigned or masquerading
not even true, private keys leak all the time
the only thing secure boot does is prevent legitimate users from running software that isn't signed by microsoft

>>106173141
You never heard of WHQL? Spoofing WHQL doesn't do shit. You're still flagged by anticheat and 3Dmark that your driver isn't legit.

>>106173125
Christ. Fuck that. This whole "internet security arc" getting kinda ridiculous.

>>106173044 (OP)
Good: bad people can no longer modify core parts of your OS or load custom drivers because every step from your firmware, the bootloader, the later stages of booting and every part of your OS is cryptographically signed.
Bad: you can't do any of these modifications anymore either.

>>106173141
>I don't know how driver signatures work

>>106173172
Why do you want children being raped?!
*starts hyperventilating and fake crying*

>>106173141
>the only thing secure boot does is prevent legitimate users from running software that isn't signed by microsoft
but it doesn't? Otherwise beta GPU drivers don't work. Check GPU-Z next time.

>>106173175
NVIDIA's code signing certificate leaked 3 years ago
MSI's code signing certificate leaked 2 years ago
etc etc

>>106173141
>I don’t know what Machine Owned Keys are
inb4 winsoy user, just rope already if you’re complaining about this because the main issue is the OS, not the boot protection measures

>>106173200
>implying it isn’t possible for manufacturers to bring out UEFI updates with new keys and also blacklist the old leaked keys
>implying they didn’t do this

>>106173094
https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot

>>106173222
that feature is being deprecated soon, many laptops don't even allow you to add custom keys anymore
>>106173229
>implying they didn’t do this
of course they did, eventually
but private keys leak all the time

this topic always gets a lot of organic engagement on 4chan

I perform original bios boots, only downside is no resizeable bar but I don't know how practical that really is

>>106173044 (OP)
My motherboard does not support this feature.

>>106173249
>that feature is being deprecated soon, many laptops don't even allow you to add custom keys anymore
Source?

>>106173057
*nobody except microsoft, glowfags, redhat and anybody they gave keys to

>>106173307
Indeed, source?

>>106173324
I enrolled my own keys doe.

>>106173044 (OP)
you need this this to run VMs?

>>106173113
you know, my gigabyte mobo bricked shortly after enabling secureboot...

>>106173044 (OP)
there is no impact on privacy, it's just an attempt to downgrade the PC from turing completeness to corporate policy completeness

>>106173113
>>106173390
Yeah you have to be careful. Arch wiki mentions you can brick your computer if you try to remove Microsoft keys.

>>106173229
>implying they wont leak again, and again, and again

>>106173044 (OP)
>Turn on secure boot
>Computer won't boot anymore
>MFW

Took me hours to fix, had to remove the CMOS battery and re-seat EVERYTHING, never touching that fucking shit again.

>>106173457
Probably depends on the computer. I never had any trouble at all except Arch installation media doesn't boot with secure boot on so I had to turn it off to install Arch. Kind of weird that it would stop you from booting completely though, it should at least let you into bios/uefi settings.

>>106173457
>>106173468
The point is in having a signed bootloader. the keys won't be freely tossed around because that defeats the purpose.

>>106173417
It's still more work for hackers anyway.
>No secure boot: just put the backdoored boot images in. User won't even know it's malware unless they store and check hashes and you can still exfiltrate data by the time they realize (if they ever do)
>Secure boot: find leaked keys somewhere (if they exist) and sign your malware with it. And if the person uses their own keys then hacker can't do anything

>>106173057
It's a joke, UEFIs are bug riddled messes shipped by indifferent vendors, there's probably a billion exploits around.

>>106173390
Your gigabyte mobo can brick by just being gigabyte. I had 3 gigabyte boards die on me.

>>106174625
Maybe I should just install coreboot

Anyone who DOESN'T use Secure Boot and BitLocker is a complete fucking faggot

Goes triple for any Troonix distro (so, ALL of them except Ubuntu) that can't even fucking figure dual booting in secure boot

Troonix lovers are brain dead

>>106175284
Microjeet fuck off