Vijay Sarvepalli (@vijaycert)'s Twitter Profile
Vijay Sarvepalli

@vijaycert

Keep life chaotic.

ID: 1615637965

Website: https://www.sarvepalli.net
Joined: 23-07-2013 16:23:20

421 Tweets

119 Followers

84 Following

Vijay Sarvepalli (@vijaycert):

UEFI signing and revocation challenges - hopefully forces us to improve UEFI SecureBoot. Each and every time a bootloader is introduced to a new environment, more checks than signing are likely necessary.

Vijay Sarvepalli (@vijaycert):

PKI is hard in practice, esp. firmware. Well, here is the Platform Key (PK) in a production Lenovo server:

mokutil --pk
[key 1]
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=DO NOT TRUST - Test PK
Validity
Not Before: Mar 6 15:16:55 2013 GMT
Not After : Mar 6 15:16:54 2017 GMT

Vijay Sarvepalli (@vijaycert):

Some really great work on a CPU bug that affects multiple CPU families. Heard of the Fast String MSR? There are always new surprises lingering in how CPU optimizations and internal interpretations can also carry straggling bugs. lock.cmpxchg8b.com/reptar.html

Vijay Sarvepalli (@vijaycert):

Here the #UEFI SHIM-related story has started. What happens when there is a bootloader vulnerability that is part of shim? eclypsium.com/blog/the-real-…

Satoshi Tanda (@standa_t):

Intel Hardware Shield deep dive: part 2 is SMM security policy reporting (ISSR, aka PPAM) and interaction with Windows' Secure Launch. tandasat.github.io/blog/2024/03/1… Another fascinating piece of technology! I have wanted to review this for a while and am glad I have spent time for it.

Vijay Sarvepalli (@vijaycert):

"we are repeating the same mistakes that we did in the past, We decided at some point it is super convenient to mix code and data... we are mixing code and data that we send to these AI systems.... that are under the control of the user." Dr. Daniel Gruss youtube.com/watch?v=XxVHku…

UEFI Forum (@uefiforum):

In the upcoming #UEFIForum webinar “Coordinating #UEFI Vulnerabilities as CERT/CC,” Carnegie Mellon University will provide practical steps when coordinating UEFI vulnerabilities. Join us for the webinar on Nov. 21 at 8 a.m. PT: bit.ly/4ffgZZ1

Vijay Sarvepalli (@vijaycert):

Here is another #UEFI vulnerability that takes months to coordinate. UEFI-blocking DBX updates are still trickling in; most Linux and Windows users, trusting SecureBoot, are currently vulnerable. Digitally signing the supply chain is another major gap in our UEFI 5 recommendations.

Software Engineering Institute (@sei_cmu):

The SEI's CERT Division has released a new vulnerability note: Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions. Learn more ➡️ kb.cert.org/vuls/id/252619…
