With the correct signing keys, you could make every UEFI secure-boot-enabled machine in the world seamlessly run whatever you want them to. You could infect them with undetectable malware.
Now, imagine every computer on every office vulnerable to your malware because you have the signing keys used by Microsoft.
How much computing power would you dedicate to get that keys? How much money would you spend? A billion? Ten? That's the price of a single fully-loaded bomber these days. How can you be absolutely sure the keys are kept secure enough from someone willing to spend a fraction of their military budget to get what could amount to be the ultimate cyberweapon?
>With the correct signing keys, you could make every UEFI secure-boot-enabled machine in the world seamlessly run whatever you want them to. You could infect them with undetectable malware.
>Now, imagine every computer on every office vulnerable to your malware because you have the signing keys used by Microsoft.
Even if that doomsday scenario comes into play, things would just go back to... the present.. where there is no locked bootloader.
Now, imagine every computer on every office vulnerable to your malware because you have the signing keys used by Microsoft.
How much computing power would you dedicate to get that keys? How much money would you spend? A billion? Ten? That's the price of a single fully-loaded bomber these days. How can you be absolutely sure the keys are kept secure enough from someone willing to spend a fraction of their military budget to get what could amount to be the ultimate cyberweapon?