• @narc0tic_bird@lemm.ee
    link
    fedilink
    114 months ago

    I have yet to see a good implementation of Secure Boot, and that’s just from a user interface standpoint.

    How can I check which keys are installed in the EFI/BIOS UI? And then delete a specific key? I only ever saw options like “reset to factory settings”.

    Factory settings are just Microsoft’s keys most of the time, and often there’s no way to delete/not trust Microsoft’s keys.

    The whole system is way too intransparent. May as well turn it off.

    • Ghoelian
      link
      fedilink
      English
      34 months ago

      Yeah, the only thing I’ve ever seen is the MOK management thingy your bios will throw you into if something wants to add a new key, but iirc that can only list the key you’re about to add, not all of them. I also have no idea how you get to that menu without adding a new key.

    • Em Adespoton
      link
      fedilink
      24 months ago

      The new bit is essentially that a bunch of vendors have been using test keys in production hardware, mostly enterprise hardware, and nobody has implemented key clustering or rotation like the original design spec recommended.

      Beyond that, the older news is the legitimate production key compromise, stored online behind a four character password. But this one’s not as big an issue as most of the implicated hardware is already EOL and no longer in use.