|
|
Subscribe / Log in / New account

updates

updates

Posted Oct 5, 2012 10:29 UTC (Fri) by oak (guest, #2786)
In reply to: updates by pjones
Parent article: LSS: Secure Boot

What happens when the blacklist key database gets full?

to post comments

updates

Posted Oct 5, 2012 13:59 UTC (Fri) by mjg59 (subscriber, #23239) [Link]

It's possible to push out an update that wipes the existing blacklist and instead revokes the key at the root of that trust. That would be inconvenient (everyone with valid signed material would need to get it resigned) but possible.

updates

Posted Oct 5, 2012 15:28 UTC (Fri) by raven667 (subscriber, #5198) [Link]

The only code for which key material is in EFI is code that is run from EFI, firmware and bootloaders, which doesn't get updated very often as a practical matter. Revocations are likely to be rare. Drivers and other OS code which is more likely to have vulnerabilities and patches is handled by whatever OS specific mechanisms each OS decides on.


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds