The researchers discovered that AMD had been using a publicly available example key from NIST documentation since Zen 1,
lol... sigh...
An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!
Enjoy!
The researchers discovered that AMD had been using a publicly available example key from NIST documentation since Zen 1,
lol... sigh...
Just like all the BIOSes that have turned out to be using keys called things like TEST ONLY - NOT FOR PRODUCTION, rendering Secure Boot not. I have a couple of computers like this.
The researchers discovered that AMD had been using a publicly available example key from NIST documentation since Zen 1, which allowed them to forge signatures and deploy arbitrary microcode modifications.
I wish these sorts of errors were not that common.