It's possible to update the microcode firmware via OS. Linux does this by default nowadays with open source microcode: https://wiki.archlinux.org/title/Microcode. I'm sure windows does it too, or NSA via Windows built in back-doors, only difference is that their firmware is proprietary and full of shady stuff.
With the understanding that "secure" is a relative term, how secure am I using Fedora 33 on an Core 15 chip? (I'll look up the exact chip if it helps.)
Depends on yourself, humans with too much privileges are the biggest threat to any secure system. A clean fresh installation of Fedora 33 should overwrite the CPU microcode before even starting the system and decrypting your drive.
You can check this in the boot menu, fist thing you see after start where it says "Fedora" and "Advanced options for Fedora" or similar. Press E and you should see the whole boot command which will run in sequence. First it loads the microcode, then the kernel and then (if you have full disk encryption enabled) the prompt comes up, or whatever mechanism you use to decrypt on boot.
So relatively secure is the best answer I guess. Just make sure that nobody else ever gets physical access to your device. Make sure to never run shady proprietary software, stick to open source and verify that there are no back doors. That way, chances are very low that someone could ever spy on you or steal your data.
But if you wanna be really secure, you might wanna use Qubes OS. A Linux distro designed with security in mind. Every program runs in it's own vm, and it's not the standard type of vm's, these are completely isolated from each others, giving you full control over everything that runs in your system.
It's not the most convenient solution tho, for instance if you want to plug in a usb device and let a software use it, you need to explicitly allow that in the systems task manager since the usb firmware run in it's own isolated box too. It's a bit of al earning curve, but worth it if you really want perfect security.
It's not the most convenient solution tho, for instance if you want to plug in a usb device and let a software use it, you need to explicitly allow that in the systems task manager since the usb firmware run in it's own isolated box too. It's a bit of al earning curve, but worth it if you really want perfect security.
and I imagine it gives things like OBS all kinds of headaches, lmao.
It's possible to update the microcode firmware via OS. Linux does this by default nowadays with open source microcode: https://wiki.archlinux.org/title/Microcode. I'm sure windows does it too, or NSA via Windows built in back-doors, only difference is that their firmware is proprietary and full of shady stuff.
With the understanding that "secure" is a relative term, how secure am I using Fedora 33 on an Core 15 chip? (I'll look up the exact chip if it helps.)
Depends on yourself, humans with too much privileges are the biggest threat to any secure system. A clean fresh installation of Fedora 33 should overwrite the CPU microcode before even starting the system and decrypting your drive.
You can check this in the boot menu, fist thing you see after start where it says "Fedora" and "Advanced options for Fedora" or similar. Press E and you should see the whole boot command which will run in sequence. First it loads the microcode, then the kernel and then (if you have full disk encryption enabled) the prompt comes up, or whatever mechanism you use to decrypt on boot.
So relatively secure is the best answer I guess. Just make sure that nobody else ever gets physical access to your device. Make sure to never run shady proprietary software, stick to open source and verify that there are no back doors. That way, chances are very low that someone could ever spy on you or steal your data.
But if you wanna be really secure, you might wanna use Qubes OS. A Linux distro designed with security in mind. Every program runs in it's own vm, and it's not the standard type of vm's, these are completely isolated from each others, giving you full control over everything that runs in your system.
It's not the most convenient solution tho, for instance if you want to plug in a usb device and let a software use it, you need to explicitly allow that in the systems task manager since the usb firmware run in it's own isolated box too. It's a bit of al earning curve, but worth it if you really want perfect security.
and I imagine it gives things like OBS all kinds of headaches, lmao.
Thanks for not treating me like an idiot =D