2024-07-27
Don't want to be a “well, actually” guy here, but the whole UEFI SecureBoot key hierarchy is supposed to be re-generated by the local admin, as trusting whomever (be it the HW vendor with their PK or MS with their KEK) other than yourself is way too dangerous even if convenient.
Ars Technica
Binarly: UEFI Secure Boot is completely compromised on 200+ device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro due to a cryptographic key leak
hundreds of devices from Dell, Supermicro and more all affected, here's what we know
Adam Conway / XDA Developers: PKFail puts hundreds of computers and laptops at risk and render...
2024-07-26
Ars Technica
Binarly: UEFI Secure Boot is completely compromised on 200+ device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro due to a cryptographic key leak
Keys were labeled “DO NOT TRUST.” Nearly 500 device models use them anyway. — In 2012, an industry-wide coalition of hardware …