Comment by naturalmovement
2 days ago
I can guarantee you with nearly 100% certainty that UEFI TLS clients are bound to be buggy garbage broken in not-insignificant ways.
From the article, it's using OpenSSL in EDK II.
In fact, a whole section of the article is dedicated to talking about how they got tripped up by OpenSSL security level 3 rejecting a 2048-bit RSA key.
The IP stack and HTTP clients are problematic enough without adding the enormous complexity of a TLS implementation on top.
They have a hard enough time managing the relatively few certificates for secure boot.
You want me to believe all the various BIOS manufacturers are going to competently manage a WebPKI root certificate program?