(securityonline.info)

658 points transpute | 3 comments | 06 May 23 17:39 UTC | HN request time: 0.908s | source

Show context

discerning_ ◴[06 May 23 18:40 UTC] No.35844121[source]▶

>>35843566 (OP) #

If these keys are leaked, they should be adopted by open source projects to disable secure boot.

replies(5): >>35844176 #>>35844425 #>>35844463 #>>35844475 #>>35844941 #

1. meepmorp ◴[06 May 23 19:13 UTC] No.35844463[source]▶

>>35844121 #

But secure boot is a good thing! I want my machines to verify what they're loading at boot time!

I just want to specify the root of trust.

replies(1): >>35844621 #

2. yyyk ◴[06 May 23 19:30 UTC] No.35844621[source]▶

>>35844463 (TP) #

There's mokutil to add your own key.

replies(1): >>35848255 #

3. csdvrx ◴[07 May 23 05:35 UTC] No.35848255[source]▶

>>35844621 #

no, a mok is just adding an unprotected UEFI variable. It's not the same as adding your key which can say disallow running payloads signed by Microsoft key.

↑

Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security