Re: Read-protected UEFI variables

From: Alan Cox
Date: Mon Feb 19 2018 - 15:25:05 EST


> If the UEFI is as secure as storing an unencrypted file on a hard
> drive, I am satisfied. Or do you have a better idea where to store the
> SSH keys for a diskless system that boots via network?

Store them in the TPM?

If you are booting over a network and not doing some kind of TPM-based
trusted boot check you already lost to a network attacker.

Alan