> A simple call to sbctl to sign the rootkit is missing, because, as every Linux... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

		jeroenhd 1 day ago \| parent \| context \| favorite \| on: Bootkitty: Analyzing the first UEFI bootkit for Li... > A simple call to sbctl to sign the rootkit is missing, because, as every Linux device, you will have to have the signature keys available locally. Now that would be something! Unfortunately, I haven't discovered Microsoft's private key on my computer yet.

exceptione 1 day ago [–]

If you roll your own keys, as MS happens to lose some. But as I replied to parent, storing them on a fido2 device or in a crypted file would alleviate the issue. If not, please educate me.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact