Adam Shostack :donor: :rebelverified: on Nostr: In case you missed it, Ars Technica has a story, Secure Boot is completely broken on ...
In case you missed it, Ars Technica has a story, Secure Boot is completely broken on 200+ models from 5 big device makers. The key* point is that “Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway.” At some level, I get it. There’s a lot of work to do in shipping a big complex system, even if that big complex system is in a small form factor. But.
Should a company shipping a cryptographic product realize they need to do something about the keys? I have a hard time with an answer other than “yes.” What that work is depends on the system, but they seem to have failed to look at a fundamental component that’s a key part of the boot process. Never mind “look carefully.”
Two of the companies which failed have taken CISA’s Secure by Design Pledge. (It’s not hard to figure out which, but my goal here is not to call them out or shame them.) Should they be penalized? Removed?
https://shostack.org/blog/secure-boot-and-secure-by-design/

Published at 2024-08-22 18:38:40

Event JSON
{
  "id": "c8d25a1b314f37d9e550a4bc57371dba884b1976ad0718484ca8928d360852f6",
  "pubkey": "87b08bf48dd639cf2e6c33b46f98146b44f40e05a696274012a159463398437d",
  "created_at": 1724351920,
  "kind": 1,
  "tags": [
    [
      "proxy",
      "https://infosec.exchange/@adamshostack/113007127430540689",
      "web"
    ],
    [
      "proxy",
      "https://infosec.exchange/users/adamshostack/statuses/113007127430540689",
      "activitypub"
    ],
    [
      "L",
      "pink.momostr"
    ],
    [
      "l",
      "pink.momostr.activitypub:https://infosec.exchange/users/adamshostack/statuses/113007127430540689",
      "pink.momostr"
    ],
    [
      "-"
    ]
  ],
  "content": "In case you missed it, Ars Technica has a story, Secure Boot is completely broken on 200+ models from 5 big device makers. The key* point is that “Keys were labeled \"DO NOT TRUST.\" Nearly 500 device models use them anyway.” At some level, I get it. There’s a lot of work to do in shipping a big complex system, even if that big complex system is in a small form factor. But.\n\nShould a company shipping a cryptographic product realize they need to do something about the keys? I have a hard time with an answer other than “yes.” What that work is depends on the system, but they seem to have failed to look at a fundamental component that’s a key part of the boot process. Never mind “look carefully.”\n\nTwo of the companies which failed have taken CISA’s Secure by Design Pledge. (It’s not hard to figure out which, but my goal here is not to call them out or shame them.) Should they be penalized? Removed? \n\nhttps://shostack.org/blog/secure-boot-and-secure-by-design/",
  "sig": "20ea67ce833277555e9b62b7f468f87089470b5e85176bd9c2905dac2cca8d88c61a991eb8e9c436bfcc09be13f63d8ea46d6effb163cf173b910c52a333e5ea"
}