OK. Correct me if I am wrong, but the whole point of the original post was that one currently can't replace keys very easily on chromebooks without disabling the write-protection on the flash part. Maybe I missed it, but it would have been more straight forward and clearer if this was directly called out as being the thing you are concerned about.
I am curious as to why you aren't concerned about who owns the firmware that actually runs on your systems. An SMM handler could easily be installed to snoop your information and do with it was it pleases. What does secure boot or verified boot buy you if you can't inspect/trust what is actually running on one's system?
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Re: Everything that glitters isn't Secure Boot
Date: 2013-02-06 07:02 pm (UTC)I am curious as to why you aren't concerned about who owns the firmware that actually runs on your systems. An SMM handler could easily be installed to snoop your information and do with it was it pleases. What does secure boot or verified boot buy you if you can't inspect/trust what is actually running on one's system?