Re: Read-protected UEFI variables
From: Alan Cox
Date: Mon Feb 19 2018 - 15:25:05 EST
> If the UEFI is as secure as storing an unencrypted file on a hard
> drive, I am satisfied. Or do you have a better idea where to store the
> SSH keys for a diskless system that boots via network?
Store them in the TPM ?
If you are booting over a network and not doing some kind of TPM based
trusted boot check you already lost to a network attacker
Alan