PKfail - Nasty Secure Boot vulnerability

[Ice Tea]

https://www.pcworld.com/article/2460...-to-worse.html

https://www.bleepingcomputer.com/new...-months-later/

https://arstechnica.com/security/202...n-anyone-knew/

The debacle was the result of non-production test platform keys used in hundreds of device models for more than a decade. These cryptographic keys form the root-of-trust anchor between the hardware device and the firmware that runs on it. The test production keys—stamped with phrases such as “DO NOT TRUST” in the certificates—were never intended to be used in production systems. A who's-who list of device makers—including Acer, Dell, Gigabyte, Intel, Supermicro, Aopen, Foremelife, Fujitsu, HP, and Lenovo—used them anyway.

[Ice Tea]

https://www.gigabyte.com/Support/Security/2208

Gigabyte is updating their BIOSes.

From some of the comments on Reddit, Intel seems to be saying, “Meh, whatever, don’t care as we no longer do motherboards"

[jimbouk]

Configuration management is hard, but still... ouch.