Sometimes I wonder whether having side-by-side, compatible, separately-implemented approaches that can be independently verified against each other at runtime could be an improvement. Ideally all open source, although arguably there's a seed-and-flower problem there: if the implementations happened to copy from each other then the resulting equivalence guarantees might be lower.
Whatever the solution is, I feel like it's unlikely to be an implementation from one vendor that has an exciting brand name and claims to solve most previously-existing secure boot problems.
Power management, mobile and firmware developer on Linux. Security developer at nvidia. Ex-biologist. Content here should not be interpreted as the opinion of my employer. Also on Mastodon and Bluesky.
Not the Apollo
Date: 2023-07-11 01:45 pm (UTC)