Issue #417 has been reported by Simon Brand.

----------------------------------------
Feature #417: Show platform key on boot when secure boot is enabled
https://ticket.coreboot.org/issues/417

* Author: Simon Brand
* Status: New
* Priority: Normal
* Target version: none
* Start date: 2022-10-02
* Related links:
[0] https://source.android.com/docs/security/features/verifiedboot/boot-flow#locked-devices-with-custom-root-of-trust
[1] https://issuetracker.google.com/issues/217720443
[2] https://source.codeaurora.org/quic/la/abl/tianocore/edk2/tree/QcomModulePkg/Library/BootLib/VerifiedBootMenu.c?h=LA.UM.8.9.1.r1-03800-QCS610.0&id=8e06dfd3ceeb323546d330e918d19c542d2daee2#n340
* Affected hardware: All
* Affected OS: All but Windows
----------------------------------------
I think it is useful to show the hash of the platform key if a platform key
other than the default (Microsoft trusted Platform Key) is the current
platform key and secure boot is enabled. It must be shown before the operating
system could have been started (to avoid the OS showing it with an older UEFI,
which lacks this feature). It also makes sense to pause the screen, so you can
verify the hash.

Why?
To make sure the correct operating system is loading and nobody tampered with
the device's platform key and disk.

Android smartphones have had this feature for several years. [0]
Please keep in mind that the screenshots are not fully up to date: for a few
months now, devices have shown not only the first 8 digits but the full root
of trust hash. [1]
The reference source code is available here: [2]




