212
Microsoft’s Secure Boot has been broken for a decade and no one noticed until now
(www.welivesecurity.com)
This is a most excellent place for technology news and articles.
This is especially true on computers where it is impossible to change the signing keys. Smartphones, game consoles, many laptops, some desktops, smart TVs, IoT devices, modern cars, etc.
I think that key can be changed on Google Pixels. I run GrapheneOS and reverting to stock would require erasing the key.
Kind of. You can change the signing key for the operating system, but you cannot change the signing key of the primary bootloader, as that is baked into the SoC.
I'm assuming this is why it will forever "warn" me that my phone is running an "insecure" OS?
That's moreso because it's using an unofficial key, so the device manufacturer (Google in the case of Pixels) cannot verify the authenticity of the OS you're running.
If you were able to replace that bootloader with a custom one, then you would be able to disable that message or just use a completely different bootloader like UBoot or EDK2 if it was ported, though.
OK!