
On Wed, 13 Jul 2022 13:57:33 +1200, Eliot Blennerhassett wrote:
> I like this bit:
>
> So, to have Microsoft, the self-appointed steward of the UEFI Secure Boot ecosystem, turn round and say that a bunch of binaries that have been reviewed through processes developed in negotiation with Microsoft, implementing technologies designed to make management of revocation easier for Microsoft, and incorporating fixes for vulnerabilities discovered by the developers of those binaries who notified Microsoft of these issues despite having no obligation to do so, and which have then been signed by Microsoft are now considered by Microsoft to be insecure is, uh, kind of impolite? Especially when unreviewed vendor-signed binaries are still considered trustworthy, despite no external review being carried out at all.

From another source <https://www.theregister.com/2022/07/11/lenovo_secured_core/>, there is this Twitter comment:

    Just as a counter-example, we advocated very strongly to keep the 3rd party UEFI CA in our default DB for all configs to support customer flexibility. You'll have to figure out who else was in the room for these conversations for yourself... #iwork4dell