zlacker

1. grishk+(OP) 2022-07-30 01:26:54
I'm not saying that secure boot is inherently a bad idea. It's a good idea but only if all signing keys are treated equally. Right now, they aren't. AFAIK modern motherboards, those of them that use UEFI, come with Microsoft keys preloaded — and that preferential treatment is the part that's not okay. In an ideal world, all devices that support secure boot should come with a completely empty keystore so that you could either trust Microsoft keys or generate your own key pair and trust that. Possibly re-sign the Windows bootloader with it even.

It's much, much worse with mobile devices. You can re-lock the bootloader on a Pixel with your custom key, but you still can't touch TrustZone and you'll still get a warning on boot that it's not running an "official" OS build.

replies(1): >>mindsl+IZ
2. mindsl+IZ 2022-07-30 15:05:09
>>grishk+(OP)
This logic works for software signing, but not remote attestation. For remote attestation, the "tamper-proof-ness" is the root of the trust chain, and the signing keys are individually baked into the specific piece of hardware and not controlled by a third party. You seem to be hoping that we can disrupt that chain of trust by having manufacturers not record the public keys associated with each piece of hardware (such that individuals could create their own signing keys on open hardware), but that's just not going to happen.