If your keys are stored in the TPM for use during the secure boot phase, there will be nothing for it to log.

The signature checks will immediately fail if ANY tampering has occurred.

Adding a USB keylogger that has not been signed will cause a signature verification failure during boot.

It doesn’t matter which kernel modules are used, as long as you have signed those changes before rebooting.

Im fairly certain any legacy hardware that doesn’t have secure boot as an option is going to struggle loading BF6 regardless.

The first two points are not related to secure boot at all.

Linux can run with secure boot just fine though. Use your distros documentation to set it up.

If you have physical access you have full access anyway. Etc.

You know secure boot was specifically made to protect users for this exact use case. Any tampering of the system will prevent the system from booting.

Why?

TPM has solved this now for more than a decade.

Verified boot + TPM encryption key storage is a huge layer of protection for the boot process.

Check out the Arch wiki for TPM. It has some good reading.

https://wiki.archlinux.org/title/Trusted_Platform_Module

You need VLANs if you want separate networks on the SAME router. But if you have separate routers, then you don’t need VLANs.

You will need two wireless access points. If the router you mentioned has two wireless access points built in, then just set one to connect to the shared network, and the other will act as an AP for your private network. Then the router can be configured to send WAN traffic out of the shared network AP.

If you use a router that only has a single AP built in, then you will need to purchase and additional AP to plug into one of your router’s LAN ports so that it has two total.

Some routers might have the ability to create multiple wireless networks on one router, but be sure the hardware can handle the load. I know my ubiquity UDR can create up to 5 wireless networks on that single device before you run into performance issues.

Honestly, if you’re using your own router, you won’t need to worry about VLANs as long as your router separates your private network from the shared one.

For example, if the shared network is 192.168.0.0/24, you can make your private network 192.168.5.0/24 and have your router’s firewall block incoming traffic from 192.168.0.0/24. Only allow WAN traffic out, and allow return traffic.

Then have your router or connected server act as the authoritative DNS and DHCP servers for the 192.168.5.0/24 private network.

One wireless AP will be used in client mode to connect to the 192.168.0.0/24 shared network. The other wireless AP will be used as an access point for other devices to connect to the 192.168.5.0/24 private network.

Snowden leaks. But also the Cambridge analytica scandal should also have been a red flag for everyone

Mf its been time to do that since 2013 for facebook and since musk bought twitter.

Yeah just make sure you purchase the unlocked version of the phone and you sb good to go then. They’re usually like $20 more expensive than the carrier locked phones.