For you? No. For most people? Nope, not even close.
However, it mitigates certain threat vectors both on Windows and Linux, especially when paired with a TPM and disk encryption. Basically, you can no longer (terms and conditions apply) physically unscrew the storage and inject malware and then pop it back in. Nor can you just read data off the drive.
The threat vector is basically ”our employees keep leaving their laptops unattended in public”.
(Does LUKS with a password mitigate most of this? Yes. But normal people can’t be trusted with passwords and need the TPM to do it for them. And that basically requires SecureBoot to do properly.)
For you? No. For most people? Nope, not even close.
However, it mitigates certain threat vectors both on Windows and Linux, especially when paired with a TPM and disk encryption. Basically, you can no longer (terms and conditions apply) physically unscrew the storage and inject malware and then pop it back in. Nor can you just read data off the drive.
The threat vector is basically ”our employees keep leaving their laptops unattended in public”.
(Does LUKS with a password mitigate most of this? Yes. But normal people can’t be trusted with passwords and need the TPM to do it for them. And that basically requires SecureBoot to do properly.)
That’s only one use of secure boot. It’s also supposed to prevent UEFI level rootkits, which is a much more important feature for most people.