The em-dash is once again crying in the corner for not being invited to the party.

Congrats, you don't understand the basics of secure key exchange, but that's easy to fix: I suggest starting with the colour model for a basic understanding: https://www.arsouyes.org/artic... afterwards you can look into the details of how this works mathematically. No your key is *NEVER* sent anywhere. EVER. It's not required for key exchange.

There's nothing to reverse engineer. Encryption and security is based on well known public algorithms. These are designed to enable secret communication, that you can verify on a mathematical level. There's no reverse engineering anything, there's only breaking the key, and the key generation process relies on a the concept of mathematics that easily calculate but difficult to reverse. E.g. Discrete logarithm problems. Take M^b mod p = x. I could tell you M and p and x and you would still have no hope in hell of figuring out b.

Why post if you don't want to engage in a discussion?

If this is the kind of thing you normally post I don't have any idea why no one has called you deranged before.

Hardly. If the user has access to files then Microsoft does as well. That's the fundamental problem with this debate by multiple people here. If you can open a file then Microsoft has access to it. If you use VeraCrypt to secure your windows partition then Microsoft has access to all the files since you literally need to decrypt the partition to load the OS.

Tinfoil hats are not a nice fashion accessory.

You have clearly not enough knowledge and too much ignorance on the topic. No you don't need to disable secure boot. Microsoft has no control over secure boot. You can even load your own custom keys for the Windows boot process, to say nothing of Linux's secure boot process having zero to do with Microsoft control either.

But you don't care, you've been told this before. At this point you're willfully ignorant.

There is no way of querying secure boot or using it for DRM. All you can do I report if secure boot was on or off.

That could be as well, but we already had non-secure boot options for that.

See a) Saying something wrong twice doesn't make it right, it makes you twice as wrong.

Manufacturers have no control over secure boot. The implementation requires the keys be able to be managed by the user. You just jump into UEFI and delete Microsoft's key if you want and load your own. It's no more giving someone else control than a website that suggests a strong password.

No that's not, you missed what Secure boot does.

You actually said a few right things there. Yeah it has nothing to do with hardware attacks, it has to do with persistent attacks.

No. The assumption for any computer is that it boots into a known configuration. Persistent in this case means it is impossible to remove from the OS. At no point has the definition included your "nuke from orbit" approach.

Viruses can be removed and cleaned from machines. At least the ones which aren't following the correct definition of persistent. Damage in the modern definition is continuous and ongoing. Just because you've been infected at one point in time doesn't mean it's game over.

Yes I'm sure if you have no idea what you're talking about you'd think that. I agree with you by the way. Passwords do nothing so I just leave the field blank.

Except for sign the boot process to ensure no resident malware can persist through reboots. There's example of it by the way, this isn't theoretical, Bootkitty is bootlevel malware that is exactly the kind of thing Secure boot protects against.

You are technically correct. UEFI doesn't enhance anything, it doesn't force secure boot. Secureboot however objectively does enhance security, it's literally an open standard which puts encryption keys to validate the boot process in the hands of the user. MS has no stranglehold what so ever beyond making sure that unpermitted processes don't precede it in the boot chain, which is explicitly the boot time security hole being plugged.

You do the same thing in Linux, generate a keypair, sign the bootloader, and load the key into the UEFI to ensure no boot time attack creates resident malware.

There are examples of resident malware out there. This isn't theoretical (unlike Spectre type attacks).

You answered your own question. Here: "since having someone else hold the keys completely mitigates the value of secure boot". Microsoft can't certify the secure boot process isn't maintaining the integrity of the kernel if 3rd party software bootstraps Microsoft's own booting procedure.

This shows a fundamental failure of understanding of security principles. VeraCrypt encrypting the boot volume (the only thing that it would need a secure boot key for) in no way prevents Microsoft from doing what you're tinfoilhatting about as once VeraCrypt decrypts the boot volume Windows has full access to that volume anyway, and if you're concerned about non-boot volumes they blocking their secure boot key wouldn't have any impact on its use (I also use VeraCrypt).

Your conspiracy makes no sense and your mitigation (encrypt away from the OS) isn't even implicated by this secure boot discussion.

That's why I leave my password fields blank. It's so much easier to ignore security. (Also no Microsoft has no capability of preventing you booting Linux or using Linux with secure boot disabled, the only thing they have the ability to block is you booting Linux using Window's boot loader).

No, Microsoft issues secure boot keys that allow Linux to be booted by bootstrapping Microsoft's bootloader's shim. You don't need Microsoft to run secure boot in Linux, you just need to load your own key into the BIOS. SecureBoot is 100% under your control.

The problem here that sets VeraCrypt apart is that VeraCrypt after doing its thing needs to load Microsoft's Bootloader. This entire system is interlinked. The whole point of secureboot was that software doesn't fuck with the boot process without authorisation.

Microsoft has no control over what you do with Linux (unless you let it)
Microsoft has ALL control over what you do with attempts to boot Windows.

The thing about paying tax is that you do it only if you have income and wealth to pay taxes on. I'd love to be in a situation where I owed the government billions of dollars in capital gains tax. It would mean I would myself be rich and retired.

I'd say its plausible that they know that an attempt to cash out even a portion of that would a) lead to their complete loss of any private life, b) trigger a crash in asset value. There are actually people who don't like the bullshit that comes with *public* wealth.

Genius mastermind who has done significant damage to the world in terms of CO2 emissions, pointless hardware creation, fucked over consumers who have been screwed at every turn with blockchains, and created a network to facilitate money laundering and illegal deals the world over?

Yeah I wouldn't want anyone to accuse me of developing Bitcoin.

In some cases devices, even repairable ones, defend themselves against the economics of being repaired. I ran into this with a wet/dry vacuum recently. Kärcher is a company known for having every single part available to purchase individually. You can repair literally any Kärcher product. So when the switch (internal mechanism on the power control circuit board) broke I had the option of ...

Buying a replacement WD5 power board for 93EUR + 20EUR shipping (113EUR total).
Buying a whole replacement WD5 for 145EUR which includes 2 new filter bags (13EUR) and 1 new HEPA filter (18EUR), which brings the cost of the vacuum + all accessories minus the consumable ones to (145-13-18 = 114EUR).

So ... on a related note does anyone want a broken vacuum cleaner? Free to a good home. All it will cost you is nearly the price of an entire new one to get it working again...