Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security

(securityonline.info)

658 points transpute | 1 comments | 06 May 23 17:39 UTC | HN request time: 0.202s | source

Show context

yarg ◴[06 May 23 18:50 UTC] No.35844230[source]▶

>>35843566 (OP) #

Unless and until we get to efficient homomorphic compute, these measures will only ever be security via obscurity.

replies(1): >>35844248 #

bawolff ◴[06 May 23 18:51 UTC] No.35844248[source]▶

>>35844230 #

I don't see how homomorphic encryption is particularly applicable to secureboot.

replies(1): >>35844352 #

yarg ◴[06 May 23 19:02 UTC] No.35844352[source]▶

>>35844248 #

You want to be able to deploy and execute code outside the control of whoever physically controls the machine.

Either you implement it with security features hidden from the device holder, in which case it will always be broken eventually, or you guarantee the capabilities with mathematics - in which case a security break cannot happen even if the physical machine's description is completely public.

There are certainly layers to this that I'm missing, but I think homomorphic compute is the only unbreakable answer to secure compute in general.

replies(3): >>35844481 #>>35844523 #>>35845166 #

1. dist-epoch ◴[06 May 23 20:37 UTC] No.35845166[source]▶

>>35844352 #

> You want to be able to deploy and execute code outside the control of whoever physically controls the machine.

Microsoft solved this problem on the latest Xbox. Many years after it was launched, it's still not jail-broken.

They are now working on bringing that technology to regular Windows/PCs - Pluton.

↑