The new bit is essentially that a bunch of vendors have been using test keys in production hardware, mostly enterprise hardware, and nobody has implemented key clustering or rotation like the original design spec recommended.
Beyond that, the older news is the legitimate production key compromise, stored online behind a four character password. But this one’s not as big an issue as most of the implicated hardware is already EOL and no longer in use.
So basically secure boot as usual? Or is there something new here?
The new bit is essentially that a bunch of vendors have been using test keys in production hardware, mostly enterprise hardware, and nobody has implemented key clustering or rotation like the original design spec recommended.
Beyond that, the older news is the legitimate production key compromise, stored online behind a four character password. But this one’s not as big an issue as most of the implicated hardware is already EOL and no longer in use.