Generate a new set of keys, make a capsule and use it to perform an update.
Expected behavior
Failure due to security violation (capsule not signed with the appropriate key).
Actual behavior
Update will succeed.
Additional context
This is not a severe issue in terms that you can't do anything that wasn't possible before, but updates should be cryptographycally verified in the future.
Internal reference to a more extensive discussion: DSH-988
Component
Dasharo firmware
Device
MSI Pro Z690-A, MSI Pro Z790-P
Dasharo version
Z690-A v1.1.4 & Z790-P v0.9.2
Brief summary
Root key is not being enforced by capsule updates
How reproducible
Always.
How to reproduce
Generate a new set of keys, make a capsule and use it to perform an update.
Expected behavior
Failure due to security violation (capsule not signed with the appropriate key).
Actual behavior
Update will succeed.
Additional context
This is not a severe issue in terms that you can't do anything that wasn't possible before, but updates should be cryptographycally verified in the future.
Internal reference to a more extensive discussion: DSH-988
Solutions you've tried
No response