←back to thread

Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security

(securityonline.info)

658 points transpute | 4 comments | 06 May 23 17:39 UTC | HN request time: 0.004s | source

Show context

discerning_ ◴[06 May 23 18:40 UTC] No.35844121[source]▶

>>35843566 (OP) #

If these keys are leaked, they should be adopted by open source projects to disable secure boot.

replies(5): >>35844176 #>>35844425 #>>35844463 #>>35844475 #>>35844941 #

fowtowmowcow ◴[06 May 23 19:08 UTC] No.35844425[source]▶

I'm not sure that they can of the key is proprietary to Intel. I think this would open up those projects to litigation.

replies(3): >>35844462 #>>35844871 #>>35844974 #

zapdrive ◴[06 May 23 19:13 UTC] No.35844462[source]▶

It's just a string of characters.

replies(2): >>35844483 #>>35844550 #

1. brookst ◴[06 May 23 19:24 UTC] No.35844550[source]▶

So are bomb threats and false advertising.

I don't think "it's just characters" is a one-simple-trick.

replies(1): >>35845922 #

2. ok123456 ◴[06 May 23 22:32 UTC] No.35845922[source]▶

>>35844550 (TP) #

you make a mathematical formula that generates the key.

replies(1): >>35846786 #

3. evancox100 ◴[07 May 23 00:52 UTC] No.35846786[source]▶

Good luck with that argument!

"Your honor, I wasn't copying that movie. You see, I applied a mathematical formula to the .zip file, and it just happened to produce the movie as output. Coincidence!"

(That's not to say the key is copyrightable, it's not. I think the relevant law would be the DMCA anti-circumvention provision.)

replies(1): >>35847259 #

4. brookst ◴[07 May 23 02:15 UTC] No.35847259{3}[source]▶

"I didn't distribute the movie, just a file that XOR'd every byte with 255!"

Technical people tend to see the law as a technical thing, where technical arguments will win. Courts are generally unamused, since every judge has years of experience with defendants who think that they've discovered one simple trick.