Quote:
Originally Posted by Sigg3.net
(Post 4940055)
When 1 hardware key is hard-coded into the firmware,
|
It's revocable.
OEMs can add/change as many keys as they like ...
Quote:
Originally Posted by Sigg3.net
(Post 4940055)
my opinion is that it is security through obscurity.
|
Even if it would rely on just one key (it doesn't), where's the obscurity?
Quote:
Originally Posted by Sigg3.net
(Post 4940055)
You just need 1 key to defeat the whole house of cards.
|
That's not true.
They're both revocable and expandable.
You can add a different key for every driver and change/blacklist them later.
Quote:
Originally Posted by Sigg3.net
(Post 4940055)
Remember when the first bluray code was found. If the process was F/OSS it would not be possible to use this approach to security because the source would be available to anyone. That was my point with the GPL reference:)
|
I still don't see the similarity.
Do you consider keeping your ssh and gpg keys private as anti-FOSS/GPL as well ... ?
PS: I think you're confusing Secure Boot with the bigger Restricted Boot problem.
|