Posted Sep 13, 2012 13:36 UTC (Thu) by pjones (guest, #31722)
In reply to: updates by micka
Parent article: LSS: Secure Boot
> I'm wondering how the key databases (those called db and dbx in the article) are updated. Is the OS able to trigger that update? Otherwise, I can't see how a key can even be blacklisted.
It's stored in a variable, and there's an "append only" update to it. The arguments to the /call/ to update it must be signed by a key that's in KEK, which will typically include the platform vendor and MS. So basically we get updates from the CA and apply them.
Of course as a user you can completely disable that if you want, and this is still more of "the plan" than "the implementation" at this point.
> Oww, questions keep piling: What happens if a KEK is broken or leaked? Or a PK?
Then your vendor ships a firmware update (which is signed by a different PK pair) that removes that key from PK/KEK and adds a new one in. If you're very lucky they don't trash everything else that's there.
> Are firmware writers "trusted" to write bug-free firmware?
We certainly expect a time period after the Windows 8 launch in which some exploits are found, but if vendors act responsibly it should taper off as bugs are fixed in individual firmwares and the reference implementation from which they are derived. That's already begun happening, actually.
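
Added example, not part of the comment above and not code from any firmware or boot loader: a Python sketch that parses a db/dbx update payload in the UEFI specification's time-based authenticated variable layout (EFI_VARIABLE_AUTHENTICATION_2 followed by EFI_SIGNATURE_LIST entries) and models the append-only merge. The function names are hypothetical, the sample payload is constructed, and the PKCS#7 blob is a placeholder; the sketch does not perform the signature check against KEK that firmware does.

```python
import struct, uuid

# GUIDs and constants as defined in the UEFI specification.
PKCS7_GUID = uuid.UUID("4aafd29d-68df-49ee-8aa9-347d375665a7")   # EFI_CERT_TYPE_PKCS7_GUID
SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")  # EFI_CERT_SHA256_GUID
WIN_CERT_TYPE_EFI_GUID = 0x0EF1

def parse_update(blob):
    """Parse EFI_VARIABLE_AUTHENTICATION_2 + EFI_SIGNATURE_LISTs; return (time, pkcs7, hashes)."""
    if len(blob) < 40:
        raise ValueError("truncated authentication header")
    stamp = struct.unpack_from("<HBBBBB", blob, 0)            # EFI_TIME: Y, M, D, h, m, s
    dw_length, _rev, cert_type = struct.unpack_from("<IHH", blob, 16)
    if cert_type != WIN_CERT_TYPE_EFI_GUID or uuid.UUID(bytes_le=blob[24:40]) != PKCS7_GUID:
        raise ValueError("not a PKCS#7 time-based authenticated write")
    off = 16 + dw_length                                      # dwLength covers the WIN_CERTIFICATE only
    if dw_length < 24 or off > len(blob):
        raise ValueError("bad dwLength")
    pkcs7, hashes = blob[40:off], []
    while off < len(blob):
        if off + 28 > len(blob):
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or off + list_size > len(blob) or sig_size < 16:
            raise ValueError("bad EFI_SIGNATURE_LIST sizes")
        if sig_type == SHA256_GUID and sig_size == 48:        # 16-byte owner GUID + 32-byte digest
            for pos in range(off + 28 + hdr_size, off + list_size - 47, 48):
                hashes.append(blob[pos + 16:pos + 48].hex())
        off += list_size
    return stamp, pkcs7, hashes

def append_only(current, new):
    """Model of an append write: existing entries stay, duplicates are skipped."""
    return current + [h for h in new if h not in current]

def build_sample(digests, pkcs7=b"PKCS7-PLACEHOLDER"):
    """Constructed sample payload; the PKCS#7 bytes are a placeholder, not a real signature."""
    efi_time = struct.pack("<HBBBBBBIhBB", 2012, 9, 13, 13, 36, 0, 0, 0, 0, 0, 0)
    cert = (struct.pack("<IHH", 24 + len(pkcs7), 0x0200, WIN_CERT_TYPE_EFI_GUID)
            + PKCS7_GUID.bytes_le + pkcs7)
    sigs = b"".join(uuid.UUID(int=0).bytes_le + d for d in digests)
    return efi_time + cert + SHA256_GUID.bytes_le + struct.pack("<III", 28 + len(sigs), 0, 48) + sigs

if __name__ == "__main__":
    stamp, pkcs7, new = parse_update(build_sample([bytes([1]) * 32, bytes([2]) * 32]))
    print(stamp, len(pkcs7), append_only([(bytes([1]) * 32).hex()], new))
```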