Someone wrote in [personal profile] mjg59 2015-02-17 02:02 am (UTC)

I don't see the benefits; I just see trouble.

"The hash of the public half of the signing key is flashed into fuses on the CPU."
This makes three questions cross my mind.
1) What happens if I replace the CPU? Am I now magically left unprotected?
2) Am I now stuck so that I cannot swap a CPU between different model motherboards at all once it has been written?
3) With Intel Boot Guard, how do I deal with a vendor whose private key leaks? Do I have to dump all of that vendor's hardware to be secure again? There appears to be absolutely no way to update the public key.

In my eyes it would have been more sane to add an I2C bus from the CPU to a chip that holds the public key. Of course, from the CPU's side this would be a read-only I2C bus with a very limited set of instructions. People with direct physical access could remove and replace the chip in case of a vendor private key leak. CPUs would have remained replaceable. The I2C chip could be a pure ROM, and the storage RAM in the CPU for the key could be made not writeable by anything else.

The Protected Path idea does not like the idea that people will load up their own code.

Intel Boot Guard does not stop your attacker ripping out your CPU and putting in another one. Once a person has physical access, all bets that the firmware will not be replaced are off. Really, nothing stops an attacker replacing the complete motherboard in a device. It's not the first time that complete laptops have been swapped to attack networks.

Intel Boot Guard makes it more profitable for Intel, not really any more secure. In fact it is worse, because in a case of two computers, one with a borked motherboard and one with a borked CPU, you will not be able to make one out of the two. This could be life and death. Think of being somewhere like the South Pole or on Mars with no easy access to spares. So Boot Guard could kill people.

Yes, Intel Boot Guard is environmentally unfriendly and a health hazard.
