(securityonline.info)

658 points transpute | 2 comments | 06 May 23 17:39 UTC | HN request time: 0.502s | source

Show context

PrimeMcFly ◴[06 May 23 18:59 UTC] No.35844325[source]▶

There is no reason to use a manufacture key anyway, at least for SecureBoot.

Obviously it isn't in everyone's skillset, but if you have the means there is nothing preventing you from generating and using your own key.

Honestly it seems like a good basic security precaution, not only to prevent against leaks like this, but also to counteract any backdoors (although kind of a moot point with chipmakers).

replies(3): >>35844568 #>>35844657 #>>35844906 #

1. Arnavion ◴[06 May 23 19:33 UTC] No.35844657[source]▶

>>35844325 #

Secure Boot keys are unrelated to the leaked key in question. The Boot Guard key is used to verify the firmware itself that the CPU executes on boot. What the firmware happens to do afterwards, say it's a UEFI firmware that implements Secure Boot, is irrelevant to Boot Guard.

replies(1): >>35844833 #

2. PrimeMcFly ◴[06 May 23 19:56 UTC] No.35844833[source]▶

>>35844657 (TP) #

Thank you for clarifying, realized that too late after commenting.

↑

Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security