最近の検索
検索オプション
PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem
https://www.binarly.io/blog/pkfail-untrusted-platform-keys-undermine-secure-boot-on-uefi-ecosystem
PKfail - Binarly Research Report July 25 2024.pdf
https://22222483.fs1.hubspotusercontent-na1.net/hubfs/22222483/Reports/PKfail%20-%20Binarly%20Research%20Report%20July%2025%202024.pdf
> This key was likely included in their reference implementation with the expectation that it would be replaced with another safely-generated key by downstream entities in the supply chain.
> These test keys have strong indications of being untrusted (for example, the certificate issuer contains the “DO NOT TRUST” or “DO NOT SHIP“ strings).
> We discovered the private component of one Platform Key in a data leak where a suspected ODM employee published the source code containing the PK on a public GitHub repository. The private key was stored in an encrypted file, which was “protected” by a weak 4-character-long password and thus easily guessable with any password-cracking tool.
どこから突っ込めばいいんだこれは。溜息しか出ないぞ