by asdf2341234 2818 days ago
> is by corrupting firmware loaded at power-on time over SPI.
> Secure boot would absolutely protect from that by rejecting the signature of the modified code.

Why couldn't you also change out the keys so the signature does match?

Doing so means compromising the TPM on the BMC module which is much harder to do. It's not something that can be done downstream in the supply chain, as this attack is purported to have been.
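As an added illustration of the point made in both comments (this is example code, not part of the thread), the following Python models a boot ROM check with a toy Lamport hash-based signature: when the verifying key simply ships inside the SPI flash image, re-signing modified code with a swapped key passes, but when the key's hash is pinned in hardware (OTP fuses or a TPM-style root), the swapped key is rejected before the signature is even checked. All key names and firmware payloads are constructed for the example.

```python
import hashlib
import os

H = lambda b: hashlib.sha256(b).digest()
PK_LEN, SIG_LEN = 256 * 64, 256 * 32          # Lamport key/signature sizes for a 256-bit digest

def keygen():
    # Lamport one-time keypair: 256 pairs of random secrets; the public key is their hashes.
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, b"".join(H(a) + H(b) for a, b in sk)

def bit(digest, i):
    return (digest[i // 8] >> (7 - i % 8)) & 1

def sign(sk, msg):
    # Reveal one preimage per digest bit. One-time: never sign two payloads with the same key.
    d = H(msg)
    return b"".join(sk[i][bit(d, i)] for i in range(256))

def verify(pk, msg, sig):
    d = H(msg)
    return all(H(sig[32 * i:32 * i + 32]) == pk[64 * i + 32 * bit(d, i):][:32] for i in range(256))

def build_image(sk, pk, payload):
    # Image layout as stored in SPI flash: public key || signature || firmware payload.
    return pk + sign(sk, payload) + payload

def boot_rom_verify(image, fused_pk_hash=None):
    # Simulated boot ROM. fused_pk_hash=None: trust whatever key the flash image carries.
    # Otherwise the key must hash to the value burned into OTP/fuses at manufacture.
    pk, sig, payload = image[:PK_LEN], image[PK_LEN:PK_LEN + SIG_LEN], image[PK_LEN + SIG_LEN:]
    if fused_pk_hash is not None and H(pk) != fused_pk_hash:
        return False
    return verify(pk, payload, sig)

def demo():
    vendor_sk, vendor_pk = keygen()
    fused = H(vendor_pk)                                   # what the factory burns into the fuses
    good = build_image(vendor_sk, vendor_pk, b"vendor BMC firmware v1")   # constructed payload
    # Downstream modification: alter the code, re-sign with a fresh keypair, swap that key in.
    att_sk, att_pk = keygen()
    tampered = build_image(att_sk, att_pk, b"vendor BMC firmware v1 (modified)")
    return {
        "good_no_pin": boot_rom_verify(good),              # True
        "tampered_no_pin": boot_rom_verify(tampered),      # True: key swap defeats the check
        "good_pinned": boot_rom_verify(good, fused),       # True
        "tampered_pinned": boot_rom_verify(tampered, fused),  # False: key hash != fused value
    }
```

The pinned check is what a fused key hash or a TPM-held root of trust buys: replacing the key in flash is not enough, because the reference the ROM compares against is not in flash.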