beep@piefed.world to Technology@lemmy.worldEnglish · 3 days agoMicrosoft’s Secure Boot has been broken for a decade and no one noticed until nowwww.welivesecurity.comexternal-linkmessage-square64fedilinkarrow-up1256arrow-down14file-text
arrow-up1252arrow-down1external-linkMicrosoft’s Secure Boot has been broken for a decade and no one noticed until nowwww.welivesecurity.combeep@piefed.world to Technology@lemmy.worldEnglish · 3 days agomessage-square64fedilinkfile-text
cross-posted from: https://piefed.world/c/tech/p/1263218/microsofts-secure-boot-has-been-broken-for-a-decade-and-no-one-noticed-until-now
minus-squareevadersnack@sopuli.xyzlinkfedilinkEnglisharrow-up1·3 days agoA PKI without a CRL will eventually become exploitable.
minus-squareThe_Decryptor@aussie.zonelinkfedilinkEnglisharrow-up1·2 days agoSecure boot does have a revocation mechanism (It’s literally how this issue has been mitigated) though. You can not only load in allowed signatures, you can also load in disallowed ones so even properly signed binaries will get rejected.
A PKI without a CRL will eventually become exploitable.
Secure boot does have a revocation mechanism (It’s literally how this issue has been mitigated) though.
You can not only load in allowed signatures, you can also load in disallowed ones so even properly signed binaries will get rejected.