Am 17.06.2012 19:06, schrieb Michał Górny:
> On Sun, 17 Jun 2012 09:55:35 -0700
> Greg KH <firstname.lastname@example.org> wrote:
>> On Sun, Jun 17, 2012 at 05:51:04PM +0200, Michał Górny wrote:
>>> 3. What happens if the machine signing the blobs is compromised?
>> So, who's watching the watchers, right? Come on, this is getting
> I'm just pointing out that this simply relies on trusting people. Much
> like not having those signatures.
If you are so much worried about it, UEFI allows you to remove all keys
and just add your own. That way, only code signed by you will be executed.
And in the standard case, well, it is just as good (or bad) as the SSL
certificate business. It's not a perfect system but it is better than
having everyone using self-signed certificates or none at all.