Re: Boot failed on latest CentOS 7 update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Sun, Aug 2, 2020 at 1:01 PM Phil Perry <pperry@xxxxxxxxxx> wrote:

> I believe Microsoft signs the shim which then becomes the trusted
> authority and embeds RH (or CentOS) signing cert, so (I believe) every
> release of the shim needs to be signed by Microsoft. So it's not quite
> as efficient as MS signing a RH/CentOS CA key, but is not far off.
>


One of the things that bugs me about PKI trust chains like this, what
happens if the unthinkable happens, and Microsoft's RootCA gets compromised
and has to be revoked... does that mean every single piece of UEFI
hardware  out there needs a BIOS upgrade?  and don't UEFI bios updates
have to be signed too?



-- 
-john r pierce
  recycling used bits in santa cruz
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos



[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux