In a world where the NSA requests the X.509 private key of Lavabit, what makes anyone think they won't get their hands on the Intel signing key?
There is no Intel signing key. Each vendor uses their own key. There are some vendors who can probably be compelled to give up such a key by the NSA without too much trouble, and there are some vendors who probably can't.
But yeah, that's part of the problem. Being forced to trust that your hardware vendor will maintain good key security isn't necessarily realistic. UEFI Secure Boot allows you to revoke your machine's trust in your vendor, this doesn't.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
no subject
Date: 2015-02-16 09:47 pm (UTC)There is no Intel signing key. Each vendor uses their own key. There are some vendors who can probably be compelled to give up such a key by the NSA without too much trouble, and there are some vendors who probably can't.
But yeah, that's part of the problem. Being forced to trust that your hardware vendor will maintain good key security isn't necessarily realistic. UEFI Secure Boot allows you to revoke your machine's trust in your vendor, this doesn't.