by jauntywundrkind
695 days ago
They'd also need to know every user has upgraded the boot loader such that the system doesn't depend on those compromised keys! That does make it quite difficult to pull off any kind of key rotation. I'm not sure, but I think (well-known Secure Boot tool) sbctl is saying that you can sign a bootloader with multiple keys, which would permit creating a bootloader that would work with the compromised & the new root-of-trust, which at least opens some window of possibility. https://github.com/Foxboron/sbctl/blob/master/docs/sbctl.8.t...