
I can guarantee you with nearly 100% certainty that UEFI TLS clients are bound to be buggy garbage broken in not-insignificant ways.


From the article, it's using OpenSSL in EDK II.

In fact, a whole section of the article is dedicated to talking about how they got tripped up by OpenSSL security level 3 rejecting a 2048-bit RSA key.


The IP stack and HTTP clients are problematic enough without adding the enormous complexity of a TLS implementation on top.


They have a hard enough time managing the relatively few certificates for secure boot.

You want me to believe all the various BIOS manufacturers are going to competently manage a WebPKI root certificate program?



