Posted Oct 5, 2012 15:28 UTC (Fri) by raven667 (subscriber, #5198)
In reply to: updates by oak
Parent article: LSS: Secure Boot
The only code for which key material is in EFI is code that is run from EFI, firmware and bootloaders, which doesn't get updated very often as a practical matter. Revocations are likely to be rare. Drivers and other OS code which is more likely to have vulnerabilities and patches is handled by whatever OS specific mechanisms each OS decides on.