We don't need to worry about the blacklist provided we have a way to add new keys; we can always sign everything with a new key. Simple.
Instead, imagine a future where one can actually brick a motherboard from software. Imagine that in this future an exploit is found in win8 (unthinkable I know). Now suppose that a piece of scare-ware does this:
1. Exploit Windows, add a signed scareware bootloader.
2. Add said signed software's key to whitelist.
3. Blacklist Windows.
Before, the best scareware could do was take files hostage. The average user has some pretty valuable files, but rarely is there a dollar amount associated with these files. Instead, now scareware can hold the entire computer hostage. Users know exactly how much they paid for the computer, and how much it would cost to replace or fix.
Physical control of a computer should always allow control.
Re: Blacklisting the Linux keys
Date: 2011-09-24 12:25 am (UTC)