Garrett: UEFI secure booting
Posted Sep 20, 2011 20:01 UTC (Tue) by jhhaller
Parent article: Garrett: UEFI secure booting
If I were designing a BIOS, I would include the Microsoft key and my own key, and provide software signed by my key which could sign other software and install a key. That ensures that one can't update the list of keys except with signed software. Assuming that any signed software doesn't maliciously add new keys, its a reasonable security model.
Of course, the first thing that will happen is that someone will crack Windows, and, since it is trusted, add their own signature for the rootkit they are installing to make the machine a zombie. The second thing is that someone will start cracking UEFI boot, since security is where people start attacking. Given some of the comments about BIOS authors, I'm not sure they are the people with which one wants to entrust security.
to post comments)