I have an inexpensive Acer WinBook. The BIOS lets you nuke the preloaded public ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		hedora on March 6, 2020 \| parent \| context \| favorite \| on: Intel x86 Root of Trust: Loss of Trust I have an inexpensive Acer WinBook. The BIOS lets you nuke the preloaded public keys, and explicitly white list the current bootloader(s). Now, if anyone tries to boot it with something other than Grub, it will fail and prompt for a password. This seems like a reasonable tradeoff for secure boot, though it would be nice if Grub had a lockdown mode for this use case.

folmar on March 19, 2020 [–]

Grub has a _password_ and _verify_ settings which are what you want.

Or take a look at a ready-made configuration: https://github.com/CrowdStrike/travel-laptop

Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact