> Did you know that technologies such as Intel Boot Guard that have existed for the better part of a decade defend well against such attacks that might seek to overwrite flash memory?
It's rather funny to see Boot Guard as a "good" example here. Boot Guard is what's actually taking freedom away. With a vendor-locked Boot Guard configuration, you cannot replace the firmware with anything not signed by the vendor. Bye bye dreams of coreboot (until a private key leaks like it just did ha ha).
Netflix & co denying service to machines that don't pass Microsoft attestation? Literally who cares, just go to The Pirate Bay instead.
Wait so they… they have a hook in the mmap() equivalent that allows AV software to scan new pages mapped as executable? I see the reasoning but damn does that feel cursed.
Another really important aspect everyone is forgetting is the location privacy problem with being "naked" on a residential IP address. The best reason to relay your traffic through a provider like Mullvad is so that some random forum admin who disliked your posts doesn't GeoIP you down to your city district.
?? It's entirely identical to the desktop version. Desktop is just an electron wrapper that adds fancy integration like rich presence and in-game overlays and whatever else.
Valve is pretty good at this, and they don't even use kernel level anti-tampering as a facet. Trust factor, VACnet (machine learning) and overwatch (community demo review) add up to a system that's pretty decent at not matching you with cheaters if you aren't one.
All of those are "general purpose". That phrase doesn't mean "perfect official support for whatever alternative OS you like", it usually means something closer to "you are not forbidden from running your own code, even at a high privilege (kernel) level".
Put UEFI on the chromebook!! Argh don't write it off, chromebooks are the best x86 platform by far. MrChromebox provides pre-made coreboot+edk2 builds for a ton of chromebooks, but you can make your own too.
The Lenovo Chromebook Duet uses ARM, not x86, so I don't think MrChromebox supports it. I'm unclear on whether ARM Chromebooks even can support coreboot and/or edk2; do you happen to know if that's possible?
arm chromebooks usually run coreboot too; the utility of edk2 there would be questionable, as on none of them ACPI tables can cover all the HW, so u-boot would be good enough.
MrChromebox currently publishes only RW_LEGACY firmware (not full ROM, only replacing the stock SeaBIOS) for AMD Picasso/Dali and Intel Tiger Lake devices, but a) that's enough to boot whatever you want and b) you can build your own full ROM.
It's rather funny to see Boot Guard as a "good" example here. Boot Guard is what's actually taking freedom away. With a vendor-locked Boot Guard configuration, you cannot replace the firmware with anything not signed by the vendor. Bye bye dreams of coreboot (until a private key leaks like it just did ha ha).
Netflix & co denying service to machines that don't pass Microsoft attestation? Literally who cares, just go to The Pirate Bay instead.