Discussion on the perils and consequences of disabling Secure Boot in Windows 10.
Episode #9-46 released on June 30, 2019
Secure Boot is simultaneously a great and a horrible idea. The way it was implemented, and continues to be implemented, causes a lot of issues for users just trying to use the computer they paid for in the way they want to use it. I am primarily speaking to the fact that the option to disable Secure Boot in the UEFI BIOS is not always clearly indicated or present in a meaningful way. Furthermore, it is possible that the operating systems end users may want to use are not compatible with the UEFI BIOS in the first place, meaning that a security option that is meant to protect users may violate an end user's right to choose an operating system, or be unable to provide the security they require, as per the specification of the security feature, in this case Secure Boot.
Secure Boot is meant to prevent malicious software from booting up with the computer and compromising the operating system before any of the security software has time to load. Failure to have a clean boot means the computer doesn't start the operating system. This protects data from further compromise but also prevents the data from being accessed. If you reach this state, you would have to commit to a clean install anyway. This, however, only addresses the pre-operating-system launch stage and doesn't protect data beyond that point.
How did I disable Secure Boot in the first place?
The computer in question used the Secure Boot option as part of a Windows 10 install, and the mainboard is from Asus. The setting isn't easy to find for less familiar users, but there are options to erase the PK keys and to stop using them.
Why did I disable Secure Boot?
I had to. I was cleaning my computer using a compressor I have previously talked about in my video. I take apart my computer partially to achieve this. A single missing plug was enough to nullify the key, making the boot process invalid. Clearly stated, it was like my computer's Windows 10 install was invalid, only the mainboard no longer had the correct PK key. My computer doesn't have a virus in it and didn't then. Basically, I decided to go with it and continue to use my computer without Secure Boot enabled, since it would require a clean install.
And, the following is what happened. Nothing!
Of all the security vectors that we have to deal with on a daily basis, boot up is such a small vector of attack that we need a more balanced approach. Also, Secure Boot needs to be more open and less prone to these kinds of glitches.
Provided you have strong antivirus and anti-malware software, maintain cold storage backups of files, behave online in a way that doesn't unduly expose you to risks, and keep your computer as up to date as possible, regardless of platform, it is my own opinion that not only can you run your computer without Secure Boot enabled with minimal risk, but that, by definition, the feature has essentially failed its core directive as a result. This means you can keep it enabled or disabled, but know that the only thing that will affect is the ability to power on your operating system if the startup becomes compromised or something happens to the PK keys in the BIOS.
Maintain a backup of your PK keys and avoid what happened to me in my own specific case, because something like a CMOS reset would have the same consequences, too.
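One way to act on that advice from within Windows 10, as an added example that is not from the episode: the script below records whether Secure Boot is on and saves the current contents of the PK, KEK, db and dbx variables with SHA-256 hashes, so they can be compared after a CMOS reset or hardware work. It uses the built-in Confirm-SecureBootUEFI and Get-SecureBootUEFI cmdlets from an elevated prompt; the $BackupDir location and the file names are assumptions.

```powershell
# Added example. Run from an elevated PowerShell prompt on a UEFI-booted system.
# $BackupDir is an assumed destination; copy the folder to offline storage afterwards.
$BackupDir = Join-Path $env:USERPROFILE 'SecureBootBackup'
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Confirm-SecureBootUEFI returns $true or $false, and throws when the machine
# was booted in legacy BIOS mode or the prompt is not elevated.
try {
    $enabled = Confirm-SecureBootUEFI
    Write-Output "Secure Boot enabled: $enabled"
} catch {
    Write-Warning "Secure Boot state unavailable: $($_.Exception.Message)"
    return
}

# Save each Secure Boot variable to a file and record its size and hash.
$report = foreach ($name in 'PK', 'KEK', 'db', 'dbx') {
    $file = Join-Path $BackupDir "$name.bin"
    try {
        Get-SecureBootUEFI -Name $name -OutputFilePath $file -ErrorAction Stop | Out-Null
        [pscustomobject]@{
            Variable = $name
            Bytes    = (Get-Item $file).Length
            SHA256   = (Get-FileHash -Path $file -Algorithm SHA256).Hash
        }
    } catch {
        # A cleared variable (for example PK after the keys were erased) ends up here.
        [pscustomobject]@{
            Variable = $name
            Bytes    = 0
            SHA256   = '(not set or unreadable)'
        }
    }
}

$report | Format-Table -AutoSize
# The manifest lets a later run be compared against this one.
$report | Export-Csv -Path (Join-Path $BackupDir 'manifest.csv') -NoTypeInformation
```

Running it again after hardware work and comparing the new hashes with manifest.csv shows whether any of the key variables were cleared or changed.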
Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net