Matthew Garrett on Nostr: Secure boot has stopped real-world attacks. Boot Guard has, to the best of my ...
Secure boot has stopped real-world attacks. Boot Guard has, to the best of my knowledge, not. In reality vendors repeatedly leak their keys, use publicly available test keys, sign the boot block and not sign their DXE, and basically fuck up in every conceivable way. But we've never had public disclosure of any of this mattering, because boot guard only realistically protects against physical attacks and at that point there's easier ways to mess with someone (like, just disable secure boot)
Published at
2025-02-26 20:32:31Event JSON
{
"id": "d0b76fcf84262b594398404c3a37619c795fb6dfb34bc7c681679c51a65af220",
"pubkey": "ef5e80e6c74387ef14f5c6b89079f22b6847dc14365001c0ed662a20bd891677",
"created_at": 1740601951,
"kind": 1,
"tags": [
[
"e",
"cfd051956802657599de4a70c1fc7b22d402d33ccfbf131e4aefee4b7daa44f2",
"wss://relay.mostr.pub",
"reply"
],
[
"proxy",
"https://nondeterministic.computer/users/mjg59/statuses/114072089513988762",
"activitypub"
]
],
"content": "Secure boot has stopped real-world attacks. Boot Guard has, to the best of my knowledge, not. In reality vendors repeatedly leak their keys, use publicly available test keys, sign the boot block and not sign their DXE, and basically fuck up in every conceivable way. But we've never had public disclosure of any of this mattering, because boot guard only realistically protects against physical attacks and at that point there's easier ways to mess with someone (like, just disable secure boot)",
"sig": "8f7e691db22b826cc0c5fa4597af4f97606d824442724d40a5f74337da8fc55531d2f874d802059811a00c28d9b49cc67a5562837964e2f21e8389a292864200"
}
