by dathinab
695 days ago
I just wanted to check if I'm affected. ... then remembered I'm using custom platform keys tbh.

I don't understand why secure boot is built around global roots of trust instead of ad-hoc per-device trust (i.e. like custom platform keys but with better support), at most supported by some global PKI to make bootstrapping on initial setup easier. This would not eliminate but massively reduce how much "private key" got leaked vulnerabilities can affect secure boot chains (also move most complexity from EFI into user-changeable chain loaders, including e.g. net boot, etc.)

PS: To be clear, "I don't understand why" is rhetorical; I do understand why and find it a terribly bad idea.