Comments on: Intel BootGuard OEM Private Key Allegedly Leaked
If AMD’s openSIL plan ends up working as announced, it will go a long way. It is not going to be 100% there, but a lot better than what we have today.

By: Nils Tue, 09 May 2023 10:21:13 +0000 How about instead of relying on trust we rely on verification instead? That would mean publishing the source of a lot of components, in which case we can build and verify it ourselves and use our own keys to sign stuff instead of relying on security by obscurity with a big helping of certification snake-oil.

By: Preston L. Bannister Sun, 07 May 2023 16:44:54 +0000 Are there other leaks that have not become public?
Likely this is not the first, or the last.

From history, we know that secrets leak.

By: wb Sun, 07 May 2023 07:38:44 +0000 Why is this even a surprise to anyone? Every lock is destined to be busted. It’s a matter of being able to minimize and localize the damage. The Intels, AMDs, Ciscos etc. of the world hoarding the silver bullet that kills everyone all at once has been, is and will always be the fevered dream of security kabuki theatre because obviously key encryption 123 and protocol XYZ can never be broken… except with money, physical violence and the quest for glory by one’s deeds. So, basically unbreakable security and this is just a totally unavoidable black swan event no one can expect or prepare for and move along, nothing to see here.

By: Jim Z Sun, 07 May 2023 04:29:47 +0000 Why did MSI even have access to Intel’s private keys? You would have thought that MSI just had their own keys which were signed by Intel.

That you can compromise other OEMs is astounding.

By: fuzzyfuzzyfungus Sat, 06 May 2023 23:14:23 +0000 I’m not holding out much hope; but it would be nice if this episode would encourage some more pushback on Intel’s habit of maintaining a much hyped but comparatively ill-documented roster of snappily named black boxes that are more ‘trusted’ than trustworthy.

We have what appears to be a significant key handling fiasco and so far all the information is 3rd parties who have been reverse engineering around the edges of Intel’s various buzzwords; along with some Intel pitch decks about the glories of “Hardware Shield” and not even an official response. Not a great look.
