[[ UPDATE: Earlier I called this “UEFI Secure Boot”. Vincent Zimmer of Intel read their blog article more closely than I did; read the comment he just made by clicking on the “Comment” link on the left side of the blog. At the moment, I am not sure what flavor(s) of “Secure Boot” InversePath is using for the USB Armory. ]]
InversePath has updated the USB Armory to support Secure Boot (unclear what kind of “Secure Boot” this is).
Interesting read to see what is involved in getting Secure Boot to work, even if you don’t have one of these devices. I like the disclaimer:
IMPORTANT: enabling Secure Boot functionality on the USB armory SoC, unlike similar features on modern PCs, is an irreversible action that permanently fuses verification key hashes on the device. This means that any errors in the process or loss of the signing PKI will result in a bricked device incapable of executing unsigned code. This is a security feature, not a bug. The activation and use of the Secure Boot functionality is therefore at your own risk and must be approached with care.

Are you sure that this is ‘UEFI secure boot’, or just an instance of a reset-time hardware secure boot? I think the ‘secure boot’ for the USB Armory is more akin to the left hand side of figure 5 https://firmware.intel.com/sites/default/files/resources/Platform_Security_Review_Intel_Cisco_White_Paper.pdf “Reset Time Verified Launch.” But if they’re also doing UEFI Secure Boot for the OS interop, that would be cool.
You’re probably right, I wasn’t reading it closely enough. I’ll update the blog. Thanks.