
I don't think this is supposed to secure against someone with physical access.

If they have physical access and are replacing the BIOS, they could just replace the CPU at the same time with a fresh unlocked one that will lock itself to the replacement's signing key on first boot.




Can these CPUs sign with their key from software? If they can, then that system cannot sign with the original key, and it is trivial to catch it.


The key in question is a public key, it's not a secret. The CPU uses it to verify the BIOS, not the other way around.
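The mechanism the thread is describing, modelled as an added example (this is not code from the thread and not any vendor's implementation): a CPU with a one-time-programmable fuse records the hash of the first BIOS signing key it sees, then only boots firmware carrying that key and a valid signature. Textbook RSA without padding stands in for the real vendor signature scheme; the `Cpu`, `SignedImage` and `demo` names are assumptions, and all keys and images are constructed for the demo. It shows the three points made above: the fused value is the hash of a public key, not a secret; the CPU verifies the BIOS rather than signing anything; and a fresh CPU locks to whichever key boots first.

```python
import hashlib
import random
from dataclasses import dataclass
from typing import Optional, Tuple

# Toy textbook RSA (no padding, small keys) stands in for the vendor's real
# signature scheme; it is here only to make the verify step concrete.
def _is_probable_prime(n: int, rng: random.Random, rounds: int = 40) -> bool:
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits: int, rng: random.Random) -> int:
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate, rng):
            return candidate

def generate_keypair(rng: random.Random, bits: int = 256):
    """Return (public, private) as ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = _random_prime(bits, rng), _random_prime(bits, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:  # e is prime, so this means gcd(e, phi) == 1
            break
    n = p * q
    return (n, e), (n, pow(e, -1, phi))

def _digest_int(firmware: bytes) -> int:
    return int.from_bytes(hashlib.sha256(firmware).digest(), "big")

def sign_firmware(firmware: bytes, private_key) -> int:
    n, d = private_key
    return pow(_digest_int(firmware), d, n)

def verify_firmware(firmware: bytes, signature: int, public_key) -> bool:
    n, e = public_key
    return pow(signature, e, n) == _digest_int(firmware)

def key_hash(public_key) -> bytes:
    """What gets fused: a hash of the PUBLIC key, which anyone can compute."""
    n, e = public_key
    return hashlib.sha256(n.to_bytes(64, "big") + e.to_bytes(4, "big")).digest()

@dataclass
class SignedImage:
    firmware: bytes
    public_key: Tuple[int, int]
    signature: int

@dataclass
class Cpu:
    """Model of a CPU with a one-time-programmable fuse holding a key hash."""
    fused_key_hash: Optional[bytes] = None

    def boot(self, image: SignedImage) -> bool:
        h = key_hash(image.public_key)
        if self.fused_key_hash is None:
            self.fused_key_hash = h  # first boot: lock to this key permanently
        if h != self.fused_key_hash:
            return False  # BIOS signed by some other key: refuse to boot
        return verify_firmware(image.firmware, image.signature, image.public_key)

def demo() -> dict:
    rng = random.Random(2024)  # fixed seed: constructed demo keys only
    vendor_pub, vendor_priv = generate_keypair(rng)
    other_pub, other_priv = generate_keypair(rng)
    vendor_bios = b"constructed vendor BIOS image v1"
    vendor_image = SignedImage(vendor_bios, vendor_pub, sign_firmware(vendor_bios, vendor_priv))
    other_bios = b"constructed BIOS image signed with a different key"
    other_image = SignedImage(other_bios, other_pub, sign_firmware(other_bios, other_priv))
    # vendor's key, but firmware bytes altered after signing
    tampered_image = SignedImage(vendor_bios + b"x", vendor_pub, vendor_image.signature)
    cpu = Cpu()
    return {
        "first_boot_locks_and_accepts_vendor_bios": cpu.boot(vendor_image),
        "locked_cpu_rejects_other_key": cpu.boot(other_image),
        "locked_cpu_rejects_tampered_image": cpu.boot(tampered_image),
        "fused_value_is_public_key_hash": cpu.fused_key_hash == key_hash(vendor_pub),
        # the swap described in the thread: a fresh CPU locks to whatever boots first
        "fresh_cpu_locks_to_other_key": Cpu().boot(other_image),
    }

if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Note that `Cpu` never holds a private key and never produces a signature, which is why a locked CPU cannot be "caught" by asking it to sign something: the only thing it can attest to is whether the firmware in front of it matches the public key it was fused to.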



