|
Authored by: Anonymous on Monday, July 16 2012 @ 11:20 AM EDT |
On 1: I severely doubt that *at least* one of the Microsoft keys won't get
scattered across the internet like 09F9 within a few years. Once that happens,
then the whole thing fails.
That's the problem with "Security by Authority", it's doesn't work.
The whole thing will only work if people are their own authority and sign
everything themselves. Which isn't going to get pushed as a solution anytime
soon by any of the people who are pushing for "Secure Boot".[ Reply to This | Parent | # ]
|
|
Authored by: Anonymous on Monday, July 16 2012 @ 05:33 PM EDT |
It seemed a reasonable question to me too, altho' I do keep an eye
on some of the more serious security blogs. My understanding of how
UEFI + Secure Boot works is that when (not if) the BlackHats break it
one of two options arise:
a. the WhiteHats will be able to re-image/re-flash it; or
b. the device is bricked.
We can count the probability of (b) as close to zero,
otherwise the vendors will receive some medieval retribution.
(a) means anybody can re-image/flash the device, for moderately
geekish values of "any".
The answer to the OP's Q.2 seems to be none, yet.
Add the conclusion to (a) above and another question arises,
Why is anybody bothering with SecureBoot? Insurance?
The Linux software manufacturing process greatly reduces
the likelihood of an attack by any of the now known vectors.[ Reply to This | Parent | # ]
|
|
|
|
|