Matthew Garrett ([personal profile] mjg59) wrote 2011-10-20 02:32 pm (UTC)

Re: What happens if one of the supported keys gets leaked/discovered?

I think the assumption here is that the keys don't expire, but yes, there is a mechanism for blacklisting either keys or individual signatures. A KEK-signed update can be pushed and flashed at runtime without requiring the user to do a full BIOS update - on Windows I'd expect that to happen as part of Windows Update; Linux distributions will obviously have to figure out some mechanism.
