ESET researchers discovered 11 vulnerable UEFI shim bootloaders signed by Microsoft that allow attackers to bypass UEFI Secure Boot by exploiting decade-old vulnerabilities.
I get why you’d dislike that wording, but this is also how all certificate stores work, regardless of whether we’re talking Secure Boot, Windows or Linux. Gotta trust the top level as providing legitimate certificates to then trust everything underlying as coming from the correct parties.
Certificate are something I work with constantly at work and I fucking hate resolving issues with them lol.
I get why you’d dislike that wording, but this is also how all certificate stores work, regardless of whether we’re talking Secure Boot, Windows or Linux. Gotta trust the top level as providing legitimate certificates to then trust everything underlying as coming from the correct parties.
Certificate are something I work with constantly at work and I fucking hate resolving issues with them lol.
It’s not just the wording.
Precisely.
Check out cacert.org and why it never gained “Trust”. Hint: $$$