this post was submitted on 28 Apr 2026
9 points (90.9% liked)

Apple

920 readers
7 users here now

Welcome to the Apple community! This is a place to discuss everything related to Apple, including products, software, services, and discussions.

General discussions about Apple products, updates, tips, troubleshooting, and related topics are welcome. However, for specific technical support, account-related inquiries, warranty issues, and other specific concerns, please direct them to official Apple support channels.

Rules
  1. Stay on topic: All posts should be related to Apple products, software, or services.
  2. Respectful discussions: Treat fellow community members with respect and engage in constructive discussions. Avoid personal attacks, harassment, or offensive language.
  3. No support inquiries: Please refrain from posting individual support inquiries or account-related issues. Use official Apple support channels for assistance.
  4. No spam or self-promotion: Do not post spam or self-promotional content. This includes links to personal websites, blogs, or products/services.
  5. No illegal content: Do not share or discuss illegal content, including piracy, hacking, or copyright infringement.
  6. No misleading information: Avoid spreading false or misleading information about Apple or its products.
  7. No inappropriate content: Do not post or link to any inappropriate or NSFW (Not Safe for Work) content.
  8. No off-topic discussions: Keep the discussions focused on Apple products, software, services, and related topics. Avoid unrelated or off-topic discussions.

founded 2 years ago
MODERATORS
ijeff
9
Secure boot is just vendor lock-in with a security marketing budget (self.apple)
submitted 5 days ago by AbsolutelyNotCats to c/apple
3 comments fedilink hide all child comments
 

Every iPhone ships with a chain of trust that starts with Apple's root certificate, not yours. The kernel you run, the OS you update, the apps you install — all gatekept through keys Apple holds. This is sold as security, but security means nothing if only one party controls the locks. Android has its own chain of Google-verified boot, which is the same architecture with worse transparency. Both platforms decided that your device belongs to whoever signed the firmware. Free software means you can audit, modify, and share what runs on your machine. That requires unlocked boot chains, not just open-source kernels running inside a proprietary trap. Why should the device you bought be the only one you don't control?

you are viewing a single comment's thread
view the rest of the comments
[–] jakwithoutac@feddit.uk 7 points 5 days ago* (last edited 5 days ago)

The real answer to your question is that the vast majority of people don’t have the time, inclination or skills to manage it themselves.

The techy answer is that unless you are writing or reviewing every line of the firmware/OS yourself, and also securing them with certificates you’ve self signed with hardware/software that you’ve already reviewed or written yourself, you’re still trusting something to a third party.

Also your statement here is pretty backwards to me:

This is sold as security, but security means nothing if only one party controls the locks.

You may not trust Apple or whomever, but a lock with only one key holder is definitely more secure than a lock with many. Maybe just the wrong metaphor?

Ultimately, I think the real point is that Apple is a commercial entity driven by a profit motive, so will act in its own interest to that end. It never stated that iPhone was a device where you could roll your own secure boot or change firmware or whatever - it sold a mass market product to mass market consumers who largely don’t care about any of this stuff. In this regard at least, Apple’s secure boot is more secure than nothing.

I do, however, agree that you can’t necessarily trust this particular gatekeeper, so buyer beware.