Comment by cryptonector

2 days ago

> You need an integrated root-of-trust in your CPU in order to solve these.

Yes, quite. The BIOS/UEFI absolutely needs to store a public key of a primary key on the TPM, probably the EKpub itself for simplicity. Without that you will be vulnerable to an MITM attack, at least early in boot, and since the MITM could fool you about the root of trust for later, as long as the MITM can commit to always being there, you cannot detect the attack.
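The check the comment is asking for, as an added illustration that is not the commenter's code or any firmware's actual implementation: the firmware holds a fingerprint of the TPM's own EKpub and refuses to treat anything the TPM says as a root of trust unless the key presented on the bus matches it. The EK byte strings below are constructed placeholders, not real TPM2B_PUBLIC structures, and `FIRMWARE_PINNED_EK` stands in for a value that would be burned in at manufacture.

```python
import hashlib
import hmac

# Constructed sample: the EK public key as firmware would read it from the
# platform's own TPM (placeholder bytes, not a real TPM2B_PUBLIC structure).
GENUINE_EKPUB = b"constructed-sample-ek-public-key-of-the-soldered-tpm"

# Constructed sample: the key an always-present bus interposer would present
# instead, so that every later answer is consistent with the wrong TPM.
INTERPOSER_EKPUB = b"constructed-sample-ek-public-key-of-an-attacker-tpm"


def ek_fingerprint(ekpub: bytes) -> bytes:
    """SHA-256 fingerprint of an EK public key (pinning the digest, not the key)."""
    return hashlib.sha256(ekpub).digest()


# The value the comment says BIOS/UEFI must hold: a pin for this platform's
# TPM, assumed to be set at manufacture and protected like the firmware itself.
FIRMWARE_PINNED_EK = ek_fingerprint(GENUINE_EKPUB)


def tpm_identity_ok(presented_ekpub: bytes, pinned: bytes = FIRMWARE_PINNED_EK) -> bool:
    """Early-boot check: does the TPM answering on the bus match the pinned EK?

    Constant-time comparison so the check itself leaks nothing about which
    bytes of the fingerprint differ.
    """
    return hmac.compare_digest(ek_fingerprint(presented_ekpub), pinned)


def boot_with_tpm(presented_ekpub: bytes) -> str:
    """Decide whether later measurements may be used as a root of trust at all.

    If the EK does not match, PCR values and quotes produced afterwards cannot
    be trusted: an interposer that commits to always being there would answer
    consistently forever, so the pin is the only point at which it is visible.
    """
    if not tpm_identity_ok(presented_ekpub):
        return "halt: TPM identity mismatch, measured boot cannot be trusted"
    return "continue: TPM identity pinned, measurements may be extended"


if __name__ == "__main__":
    print(boot_with_tpm(GENUINE_EKPUB))
    print(boot_with_tpm(INTERPOSER_EKPUB))
```

The pin is only as strong as the protection of the firmware that holds it, which is exactly why the quoted line asks for a root of trust integrated in the CPU: an attacker who can rewrite the firmware can also rewrite the pin.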