undefined | Better HN

0 pointshollerith1y ago0 comments

>As I understand it, that's both the whole point of, and limitation to, the hardware root of trust - it can't be changed even with a firmware update.

The OP states that the vendors could have revoked the compromised platform key with a firmware update. They just didn't bother.

0 comments

jauntywundrkind1y ago

They'd also need to know every user has upgraded the boot loader such that the system doesn't depend on those compromised keys!

That does make it quite difficult to pull off any kind of key rotation. I'm not sure, but I think (well known Secure Boot tool) sbctl is saying that you can sign a bootloader with multiple keys, which would permit creating a bootloader that would work with the compromised & the new root-of-trust, which at least opens some window of possibility. https://github.com/Foxboron/sbctl/blob/master/docs/sbctl.8.t...

hollerithOP1y ago

This consumer (me) values security highly enough that he would prefer for the firmware update to render the machine unbootable (as long as it remains possible to render the machine bootable again by re-installing software).

j / k navigate · click thread line to collapse