I'm probably just missing it, but I'm not seeing a step where the firmware itsel... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

monocasa on May 4, 2023 | parent | context | favorite | on: UEFI Secure Boot on the Raspberry Pi

I'm probably just missing it, but I'm not seeing a step where the firmware itself is locking itself to an individual RPi, which would mean you can simply change out the USB drive itself and boot whatever you want.

Does it do that transparently, maybe when the keys are enrolled?

ilyt on May 4, 2023 [–]

The idea is that then bootloader verifies the rest; then your kernel would need to verify everything it runs.

monocasa on May 5, 2023 | [–]

Sure, but also normally you aren't manually installing the relevant firmware. There's different semantics when the 'firmware' lives on the same block device as your root filesystem.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact