←back to thread

Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security

(securityonline.info)
658 points transpute | 5 comments | 06 May 23 17:39 UTC | HN request time: 1.084s | source
Show context
bawolff ◴[06 May 23 18:52 UTC] No.35844267[source]
Its kind of surprising that such a high value key wasn't split into multiple subkeys.
replies(1): >>35844516 #
1. wmf ◴[06 May 23 19:18 UTC] No.35844516[source]
We've had HSMs for decades and Intel isn't forcing their OEMs to use them. This is pretty sad.
replies(1): >>35845649 #
2. transpute ◴[06 May 23 21:51 UTC] No.35845649[source]
https://twitter.com/matrosov/status/1654930508252581888
replies(1): >>35846126 #
3. bawolff ◴[06 May 23 22:59 UTC] No.35846126[source]
Sure, but intel is ultimately left holding the bag here not the oem, and it was totally within their power to put stipulations in the contract around key management.
replies(2): >>35846614 #>>35847257 #
4. transpute ◴[07 May 23 00:18 UTC] No.35846614{3}[source]
Margins are not great in the x86 PC hardware business. Has there ever been a lawsuit between Intel and an OEM?
5. wmf ◴[07 May 23 02:14 UTC] No.35847257{3}[source]
Contracts don't work. IMO Intel should not provide raw keys to the OEMs but HSMs with the keys preloaded. And MS should require good key management for the Secured Core sticker (although probably few/no MSI products are Secured Core anyway).