Secure Boot is completely broken on 200+ models from 5 big device makers

Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway.

https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social

Ars Technica
@arstechnica I would not be surprised (especially given their replies) if the device manufacturers were leaking keys for old systems to force sales of new systems
@arstechnica Secure Boot is sadly “too big to fail”. Nobody will ever blacklist the vulnerable models like they should be.

@arstechnica

> The encrypted file, however, was protected by a four-character password

It doesn't seem like you'd be giving much more away by reporting what the password was. Once an attacker knows it's only four characters, the search space is trivially tiny. And it might be amusing to know.

...

Was it "1234"?

(obSpaceballs That's amazing, I've got the same combination on my luggage.)

Or was it "love", given that "secret", "sex" and "god" are all the wrong length?

@arstechnica Secure Boot is more like a glorified speed bump for the determined. A digital 'Do Not Enter' sign that's about as effective as a cardboard cutout of a guard dog. To be honest, it's almost impressive how many ways Secure Boot can fail to be secure. Almost.

@arstechnica

"So, Lone Star, now you see that evil will always triumph because good is dumb." - Dark Helmet

@arstechnica
If anyone wants to check whether they're affected by this Secure Boot failure on Linux, install mokutil, run
mokutil --pk and see if the Platform Key is issued by DO NOT TRUST - AMI Test PK.
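
The check described in the post above, written as a script. This is an added example, not part of the original thread: the function names and the sample certificate text are constructed for illustration, and the script assumes `mokutil --pk` prints the certificate in the usual OpenSSL-style text form with `Issuer:` and `Subject:` lines.

```shell
#!/bin/sh
# Classify the UEFI Platform Key (PK) from `mokutil --pk` output read on stdin.
# Return status: 0 = no test-key marker, 1 = test key in use, 2 = no PK data.
check_pk() {
    pk_text=$(cat)
    # Keep only the certificate name lines; other fields are irrelevant here.
    names=$(printf '%s\n' "$pk_text" |
        grep -E '^[[:space:]]*(Issuer|Subject):' || true)
    if [ -z "$names" ]; then
        # Empty output: legacy BIOS boot, firmware in setup mode, or mokutil error.
        echo "UNKNOWN: no Platform Key certificate in input" >&2
        return 2
    fi
    if printf '%s\n' "$names" | grep -qi 'DO NOT TRUST'; then
        echo "AFFECTED: Platform Key carries the test-key marker:"
        printf '%s\n' "$names" | grep -i 'DO NOT TRUST' | sed 's/^[[:space:]]*/  /'
        return 1
    fi
    echo "OK: no DO NOT TRUST marker in Platform Key Issuer/Subject"
    return 0
}

# Constructed sample: shape of the output on a machine shipping the test PK.
sample_affected_pk() {
    cat <<'EOF'
[key 1]
Certificate:
    Data:
        Issuer: CN=DO NOT TRUST - AMI Test PK
        Subject: CN=DO NOT TRUST - AMI Test PK
EOF
}

# Constructed sample: a vendor-specific PK (the vendor name is made up).
sample_clean_pk() {
    cat <<'EOF'
[key 1]
Certificate:
    Data:
        Issuer: CN=Example OEM Platform Key
        Subject: CN=Example OEM Platform Key
EOF
}

# Offline demonstration. On a real system run:  mokutil --pk | check_pk
sample_affected_pk | check_pk || true
sample_clean_pk | check_pk
```

A status of 2 means the result is unknown rather than clean, so fleet tooling should report it separately from status 0.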