Re: Boot failed on latest CentOS 7 update

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

On Sun, Aug 2, 2020 at 3:54 PM Gordon Messmer <gordon.messmer@xxxxxxxxx>
wrote:

> On 8/2/20 1:19 PM, John Pierce wrote:
> > One of the things that bugs me about PKI trust chains like this, what
> > happens if the unthinkable happens, and Microsoft's RootCA gets
> compromised
> > and has to be revoked... does that mean every single piece of UEFI
> > hardware  out there needs a BIOS upgrade?
>
>
> Yes.  They'll be vulnerable to malware signed by the old CA until
> they're updated.
>
> That's better than systems without a PKI trust chain, which are
> vulnerable all of the time.


isn't it more that they simply won't work with newer boots that were signed
by the new keys?  and the updated BIOS's won't boot older OS versions that
weren't signed by the new keys?

BIOS updates are often not available for sligthly older hardware, once it
goes out of production most vendors lose all interest.

>
>


-- 
-john r pierce
  recycling used bits in santa cruz
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]

  Powered by Linux