←back to thread

Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security

(securityonline.info)
658 points transpute | 1 comments | 06 May 23 17:39 UTC | HN request time: 0s | source
Show context
codedokode ◴[06 May 23 18:40 UTC] No.35844123[source]
Isn't it good? Does leaked key mean that now owners of hardware will be able to read and modify the firmware, including IME, and check it for backdoors?

Such keys should be in the hands of users, not Intel.

replies(5): >>35844144 #>>35844419 #>>35844928 #>>35845513 #>>35845801 #
1. mjg59 ◴[06 May 23 22:13 UTC] No.35845801[source]
Nothing's prevented you from reading the firmware - this is a signing key, not an encryption key. Multiple people have spent time reverse engineering the ME firmware, people have found bugs but no evidence of a backdoor.