by naturalmovement 2 days ago
> > adding the TLS layer brings back the missing integrity

A foolish interpretation of what TLS does and I see this every day. Integrity of the bits and bytes in transit is unimportant here. Validation of the signed software after you have received it is everything. TLS integrity is at best redundant and at worst — the interpretation made here — leaves you vulnerable and with a false sense of security.

Anyone who has gone to the trouble to modify software to inject malware would certainly happily serve it to you over TLS.
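As an added illustration of the point made in this comment (example code, not from the thread, from EDK II, or from the article under discussion): the client pins the vendor's public key and verifies the downloaded image against a detached signature after the bytes have arrived, independent of whether the transport was HTTP or HTTPS. A separate transport check is included only to show that "the bytes arrived intact" says nothing about who produced them. The key pairs, the image bytes and the three scenarios are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// VerifyImage checks a received boot image against a detached Ed25519
// signature using a public key pinned in the client. The check is the same
// no matter how the bytes were fetched.
func VerifyImage(pinned ed25519.PublicKey, image, sig []byte) error {
	if len(sig) != ed25519.SignatureSize {
		return errors.New("signature has wrong length")
	}
	if !ed25519.Verify(pinned, image, sig) {
		return errors.New("image signature does not verify against pinned key")
	}
	return nil
}

// TransportIntact models what a transport integrity check (such as the TLS
// record layer) can tell you: that what was received equals what was sent.
// It cannot say anything about whether what was sent is the vendor's image.
func TransportIntact(sent, received []byte) bool {
	a, b := sha256.Sum256(sent), sha256.Sum256(received)
	return subtle.ConstantTimeCompare(a[:], b[:]) == 1
}

// Result records, for each constructed scenario, whether the transport check
// passed and whether the signature check passed.
type Result struct {
	GenuineTransportOK, GenuineSigOK     bool
	TamperedTransportOK, TamperedSigOK   bool
	ResignedTransportOK, ResignedSigOK   bool
}

// Scenario runs three constructed cases:
//  1. the vendor's image served unmodified;
//  2. the image modified by a middlebox, so transport integrity fails;
//  3. a modified image served over an intact transport (what a malicious
//     server with a valid TLS certificate looks like to the client), signed
//     with a key that is not the pinned one.
func Scenario() (Result, error) {
	// Vendor signing key pair (constructed; only the public half would ship in firmware).
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Result{}, err
	}
	image := []byte("constructed boot image bytes")
	sig := ed25519.Sign(vendorPriv, image)

	var r Result

	// Case 1: genuine image, intact transport.
	r.GenuineTransportOK = TransportIntact(image, image)
	r.GenuineSigOK = VerifyImage(vendorPub, image, sig) == nil

	// Case 2: bytes altered in transit, original signature reused.
	altered := append([]byte(nil), image...)
	altered[0] ^= 0xff
	r.TamperedTransportOK = TransportIntact(image, altered)
	r.TamperedSigOK = VerifyImage(vendorPub, altered, sig) == nil

	// Case 3: a server with its own key serves the altered image intact.
	_, otherPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Result{}, err
	}
	otherSig := ed25519.Sign(otherPriv, altered)
	r.ResignedTransportOK = TransportIntact(altered, altered)
	r.ResignedSigOK = VerifyImage(vendorPub, altered, otherSig) == nil

	return r, nil
}

func main() {
	r, err := Scenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r)
}
```

Case 3 is the one this comment is about: the transport check passes and only the signature check against the pinned key catches the substituted image.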


In theory the client could validate a specific server with a pinned certificate, although TLS implementations can make this difficult to do in practice. TLS also lets you use client certificates to authenticate the client to the server, which could be a win in some situations (although also a PITA to set up).
I can guarantee you with nearly 100% certainty that UEFI TLS clients are bound to be buggy garbage broken in not-insignificant ways.
From the article, it's using OpenSSL in EDK II.

In fact, a whole section of the article is dedicated to talking about how they got tripped up by OpenSSL security level 3 rejecting a 2048-bit RSA key.

The IP stack and HTTP clients are problematic enough without adding the enormous complexity of a TLS implementation on top.
They have a hard enough time managing the relatively few certificates for secure boot.

You want me to believe all the various BIOS manufacturers are going to competently manage a WebPKI root certificate program?

TLS also allows for the contents of a boot image to be hidden from others.
Ok, but so what?

You guys are out here protecting against ghosts but at the same time making the really important stuff 10x harder and more vulnerable to bugs.