>>106119980
>>>Selinux
>>CIA
>Initially paid for by NSA. Long since handed off.
I meant NSA, thanks for correcting me. But it's the same as Signal (funded by CIA-front, RFA), I just won't trust anything related with a mile-long pole.
>Only if you buy Windows hardware.
Please: "Most x86 hardware comes with Microsoft certificates in firmware, allowing Secure Boot to recognize and trust Microsoft-signed binaries. The Linux community relies on this model for Secure Boot compatibility." https://documentation.ubuntu.com/security/docs/security-features/platform-protections/secure-boot/
It's extremely difficult for a layman to roll-in his own keys: https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Using_your_own_keys
>>>tpm
>>Yet another under-the-OS backdoor
>How is it a backdoor with no IO? What kind of retard actually thinks this?
Hardware crypto is almost always weaker than software crypto plus it's an open secret alphabet agencies have been weakening elliptic keypairs to ease differential cryptanalysis.
TL;DR: avoid ready-made hardware solutions or closed-source software offered by big-tech corporations.