On Fri, 26 Jul 2024 08:46:37 +1200, Peter Reutemann quoted:
'On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022.'
And why haven’t those keys been revoked? Because it would break too many machines still in use by too many customers. What makes it worse is some of those certs should never have made it onto production machines. They have CNs clearly saying “DO NOT SHIP” or “DO NOT TRUST”, yet they got shipped (and trusted) anyway. I was always sceptical of Secure Boot. And my opinion has gone downhill with every new story of a screwup like this. It hasn’t been the first breakdown in Secure Boot, and it’s not going to be the last.