UEFI secure boot anti-rollback

I haven’t seen any mechanism by which UEFI can detect the most recent update to a binary being swapped out for an older binary that was signed with the same key as the up-to-date binary. Google’s vboot is the only PC firmware I know of that has anti-downgrade counters. Does the UEFI specification specify a way to thwart rollback attacks?

Author: Melab