by jauntywundrkind 700 days ago
It feels utterly absurd that devices typically have certain keys baked in that cannot be removed. I believe there are still Microsoft keys on nearly every device?

It's unconscionable to tell users this is here to keep you safe, but that you have no control over it & if something goes wrong well then too bad, at best we might provide an update.

(Also that governments can probably force these root-of-trust companies to sign payloads to circumvent security is also pretty icky to me.)

2 comments

As I understand it, that's both the whole point of, and limitation to, the hardware root of trust - it can't be changed even with a firmware update.

Of course, if the key used to sign the firmware is compromised, the root of trust is still technically doing what it is supposed to do - verifying signatures, it's just that it becomes irrelevant in terms of security / integrity.

>As I understand it, that's both the whole point of, and limitation to, the hardware root of trust - it can't be changed even with a firmware update.

The OP states that the vendors could have revoked the compromised platform key with a firmware update. They just didn't bother.

They'd also need to know every user has upgraded the boot loader such that the system doesn't depend on those compromised keys!

That does make it quite difficult to pull off any kind of key rotation. I'm not sure, but I think (well known Secure Boot tool) sbctl is saying that you can sign a bootloader with multiple keys, which would permit creating a bootloader that would work with the compromised & the new root-of-trust, which at least opens some window of possibility. https://github.com/Foxboron/sbctl/blob/master/docs/sbctl.8.t...

This consumer (me) values security highly enough that he would prefer for the firmware update to render the machine unbootable (as long as it remains possible to render the machine bootable again by re-installing software).
It's like buying a house with locks that can not be changed.