There's a lot of signed Windows driver keys out there, and only a handful of cases of them being stolen. The Secure Boot scenario is actually different - you never get your key, it's stored by Microsoft. You upload the binary and the signed one comes back. So if someone steals your smartcards and gets access to the signing server as you, the audit trail means that only the subverted binaries need to be blacklisted. The key would probably be retired and replaced, but no reason to blacklist the signatures that are attached to the existing hardware.
Power management, mobile and firmware developer on Linux. Security developer at nvidia. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
no subject
Date: 2012-06-08 04:41 am (UTC)