alt Hacker News> Weird collisions with desktop security features
Linux is not immune to BIOS/UEFI firmware attacks either. Secure Boot, TPM, and LUKS can work well together, but you still depend on proprietary firmware that you do not fully control. LogoFAIL is a good example of that risk, especially in an evil maid scenario involving temporary physical access. I think Apple has tighter control over this layer.
Replies
MrDrMcCoy • yesterday at 10:35 PM
You completely misunderstood the quoted remark you responded to. The desktop security features in MacOS that interfere with unblessed binaries and libraries loading is a huge pain in the ass, especially for headless server use.
Yeah... attacks like LogoFAIL hit during the DXE and BDS phases when the firmware is acting as its own 'mini OS' before the handoff
Easier to comprehend here - https://vectree.io/c/uefi-firmware-architecture-principles