Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://mastodon.social/users/kennwhite/statuses/112849017500519322">Kenn White (kennwhite@mastodon.social)'s status on Friday, 26-Jul-2024 22:24:50 JST</a><a href="https://mastodon.social/@kennwhite" title="kennwhite@mastodon.social"><img src="https://gnusocial.jp/avatar/92173-48-20230126175803.webp" width="48" height="48" alt="Kenn White" style="position: absolute; left: 0; top: 0;">Kenn White</a><div><ul><li></ul></div></section><article><p>Protip: When choosing a root-of-trust encryption key for a hardware secure enclave, maybe don't use the vendor's asymmetric key literally labeled "CN=DO NOT TRUST - Test PK". New scoop by <a href="https://infosec.exchange/@dangoodin">@dangoodin</a>: Secure Boot is Completely Broken on 200+ Models from 5 Big Device Makers </p><p><a href="https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/" rel="nofollow noreferrer">https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3431820#notice-6747229">In conversation</a><time datetime="2024-07-26T22:24:50+09:00" title="Friday, 26-Jul-2024 22:24:50 JST">about 4 months ago</time> <span>from <span><a href="https://mastodon.social/@kennwhite/112849017500519322" rel="external" title="Sent from mastodon.social via ActivityPub">mastodon.social</a></span></span><a href="https://mastodon.social/@kennwhite/112849017500519322">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: cdn.arstechnica.net</div><h5><a href="https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/">Secure Boot is completely broken on 200+ models from 5 big device makers</a></h5><div></div></header><div>Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway.</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Kenn White (kennwhite@mastodon.social)'s status on Friday, 26-Jul-2024 22:24:50 JSTKenn White
- Dan Goodin
Protip: When choosing a root-of-trust encryption key for a hardware secure enclave, maybe don't use the vendor's asymmetric key literally labeled "CN=DO NOT TRUST - Test PK". New scoop by @dangoodin: Secure Boot is Completely Broken on 200+ Models from 5 Big Device Makers
https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/
In conversationabout 4 months ago from mastodon.socialpermalink
Attachments
1. Domain not in remote thumbnail source whitelist: cdn.arstechnica.net
  Secure Boot is completely broken on 200+ models from 5 big device makers
  Keys were labeled "DO NOT TRUST." Nearly 500 device models use them anyway.

Public

Embed Notice

HTML Code

Corresponding Notice