It must be automated IMO.
The threat model is: You have a platform where you can't install any software unless it's signed by the vendor, but it's open source, and you think that vendor's build server is compromised? Which platform are we talking about, this seems like a fantasy threat model, no?
-
-
I know how secure boot works Rene.
End of conversation
New conversation -
-
looks like I missed the 1 signature requirement of the platform but anyway I don't see why this isn't a realistic risk if developers sign binaries using hard to protect systems and the private keys are exposed.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
