“Complexity is the enemy” is a great quote. Definitely keeping that in my pocket for a future design doc review.
You simply sign a corporate contract and pay a corporate fee, and MICROS~1 will sign any shitty broken and backdoored bootloader that you send to them with zero quality control, and it was like that with Windows drivers for years.
If it says Microslop on it, it’s broken.
BY DESIGN
Or, like me, they never trusted it to begin with.
tldr: Either use your own keys or don’t trust secure boot.
No wonder no three letter agency has ever complained about it
The gaffe is the result of the failure by Microsoft, which oversees the signing of shims, to revoke the publicly available images once vulnerabilities were found in them.
no one noticed
Did that get Berenstained? I distinctly remember it being broken a decade a ago…
Its been broken multiple times, which is why its important to update your BIOS firmware if your motherboard manufacturer says they have patched security issues.
Yes it’s important to always update to make sure you also have the newest security holes in addition to the old ones that nobody’s noticed. /s







