LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

LSS: Secure Boot

LSS: Secure Boot

Posted Sep 24, 2012 8:42 UTC (Mon) by nix (subscriber, #2304)
In reply to: LSS: Secure Boot by Cyberax
Parent article: LSS: Secure Boot

So... if MS's key gets compromised and a huge proportion of the world's machines are rendered unbootable... MS gets compensation? That's reassuring.

(Log in to post comments)

LSS: Secure Boot

Posted Sep 24, 2012 18:24 UTC (Mon) by Cyberax (✭ supporter ✭, #52523) [Link]

Well, the world's root DNS zone is also signed by a key in a HSM.

LSS: Secure Boot

Posted Sep 25, 2012 8:20 UTC (Tue) by alonz (subscriber, #815) [Link]

Yeah, that sure is reassuring. </sarcasm>

Have you, perhaps, seen this? Or this (as applied to HSM's, considering the incompetence apparent from the first link)? I don't think HSM's are as magic as people expect them to be…

LSS: Secure Boot

Posted Sep 25, 2012 8:29 UTC (Tue) by Cyberax (✭ supporter ✭, #52523) [Link]

Naw, HSMs are protected against trivial attacks like this. I know for a fact that a certain large HSM from a company which names begins with "T" has an intermediary buffer that holds data after the encryption for a random (and quite significant) amount of time before transmitting it to client.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds