Someone is inevitably going to say "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety" and to those people I say I hope you use precisely zero websites that have enforced password requirements

(also the thing people keep forgetting is "essential liberty" - if I can give up freedom for safety while knowing I can restore that freedom at any time by reconfiguring my system, I don't think any essential freedom has been given up)

Furthermore, there is no easy way to revoke or replace the compromised keys. MSI does not have an automated patching process or key revocation capabilities like some larger hardware makers do. This means that MSI would have to manually update each affected device with new keys and firmware. This could take a long time and leave many devices vulnerable in the meantime.

Intel is aware of these reports and actively investigating. However, it should be noted that Intel Boot Guard OEM keys are generated by the system manufacturer, not by Intel (tomsguide.com). Therefore, Intel may not have much control over how these keys are managed or secured by its partners.

uefi and secure boot are problems that need to be addressed but it is not going to happen - the problems will persist - and they will persist because they are convenient to gain low level access but also because of complexity and tech debt - it is an unfolding story that will have more twists and turns but maybe some progress will be made eventually - for the time being and near future there will be no easy solution - it is a big mess

babak@G750JHA ~/Desktop $ binwalk -Me ./Cottonelle.bin

Scan Time: 2016-06-18 23:19:58
Target File: /home/ubuntu/babak/Desktop/Cottonelle.bin
MD5 Checksum: f330370ed549c30bb301b42e7363ce32
Signatures: 345

DECIMAL HEXADECIMAL DESCRIPTION
--------------------------------------------------------------------------------
16560 0x40B0 PEM RSA private key
18608 0x48B0 PEM certificate
20484 0x5004 PEM certificate
32944 0x80B0 PEM RSA private key
34992 0x88B0 PEM certificate
36868 0x9004 PEM certificate
301529 0x499D9 Certificate in DER format (x509 v3), header length: 4, sequence length: 177
414737 0x65411 Boot section Start 0x42423242 End 0x0
414741 0x65415 Boot section Start 0x0 End 0x0
414911 0x654BF Boot section Start 0x3C42 End 0x0
414915 0x654C3 Boot section Start 0x0 End 0x0
415370 0x6568A Boot section Start 0x14 End 0x30000
518776 0x7EA78 PEM RSA private key
520488 0x7F128 PEM certificate
521984 0x7F700 PEM certificate
531224 0x81B18 HTML document header
532867 0x82183 HTML document footer
532876 0x8218C HTML document header
533428 0x823B4 HTML document footer
533440 0x823C0 JPEG image data, JFIF standard 1.01
549524 0x86294 SHA256 hash constants, little endian
550196 0x86534 PEM RSA private key
550592 0x866C0 PEM certificate
788672 0xC08C0 Copyright string: "Copyright (c) 1996-2011 Express Logic Inc. * NetX Cortex-M3/GNU Version G5.4.5.0 SN: 23451-108-05