ReversingLabs: Breaking the UEFI firmware Authenticode security model

Blog 8 in series: Digital Certificates – Models for Trust and Targets for Misuse

Issue #2: Validation of signed UEFI drivers and applications

https://blog.reversinglabs.com/blog/rocking-the-foundations-of-a-trust-based-digital-code-signing-system

https://blog.reversinglabs.com/blog/breaking-uefi-firmware-authenticode-security-model