Binarly highlights key management failures. Goodkey offers the fix.
With RSA Conference presenting "Repeatable Supply Chain Security Failures in Firmware Key Management," discover how Goodkey turns complexity into confidence with human-centered key management, so you never have to build complex signing systems yourself.
The firmware security crisis
Binarly's research has uncovered critical firmware key management vulnerabilities that undermine device security at the hardware level.
Private key leakage
Boot Guard private keys have been discovered within firmware update packages. This devastating security failure allows attackers to sign malicious firmware that hardware will trust, completely bypassing security mechanisms.
→ Goodkey secures keys in hardware security boundaries, preventing extraction.
Insecure test keys in production
Development keys intended only for pre-production have been found in released firmware. Binarly identified insecure RSA test keys across multiple server BMC firmware images, creating backdoor-like vulnerabilities.
→ Goodkey enforces clear separation between test and production environments.
Manual key management
Reliance on manual processes for key generation, storage, and signing operations creates significant security gaps. Without proper automation and controls, teams resort to insecure workarounds.
→ Goodkey automates key lifecycle management with strong access controls.
Poor visibility
Limited visibility into key lifecycles makes audits difficult and compliance challenging, leaving potential vulnerabilities undetected until exploited by attackers.
→ Goodkey provides comprehensive dashboard and audit trails.
Hardcoded cryptographic assets
Unfortunately, firmware developers often hardcode cryptographic assets that become security liabilities when discovered. These embedded elements create persistent vulnerabilities across device lifetimes.
→ Goodkey provides expiration warnings and modern algorithm support.
Expired keys & obsolete algorithms
Many devices rely on cryptographic algorithms that were secure when designed but are now vulnerable (like legacy RSA implementations). As devices outlive the effective crypto period of their keys, security degrades.
→ Goodkey provides a secure repository with visibility into all keys you rely on.
Learn about the critical issue at RSA 2025
The upcoming RSA Conference 2025 features insights into a critical issue: repeatable supply chain security failures in firmware key management. As experts like Binarly highlight, systemic vulnerabilities are undermining the very trust chain of modern computing.

Why do these failures persist? It boils down to complexity. Managing signing keys and certificates for firmware and bootloaders feels overwhelming, leading many hardware vendors to bypass essential security practices. The result: recurring vulnerabilities and increased organizational risk.
Visit Binarly at RSA Conference on Apr 28, 2025 - May 1, 2025
Binarly helps you identify components that are vulnerable to these common key management mistakes so you can understand and manage your exposure. Their presentation at RSA will reveal critical insights into firmware security failures.
Learn more about Binarly’s research
Ready to prevent these vulnerabilities?
Binarly discovers the key management vulnerabilities. Goodkey helps you fix them and avoid them in the first place. Together, we provide a complete approach to firmware security.
Goodkey: key & certificate management built for humans
We simplify security, empowering your teams with modern cryptographic workflows for encryption, signing, authentication, and data sharing without building complex systems yourself.
Container signing
Securely sign container images using HSM-protected keys with support for tools like Cosign and Notary through industry-standard interfaces, preventing supply chain attacks.
UEFI Secure Boot
Manage the entire hierarchy of Secure Boot keys (PK, KEK, db/dbx) with proper controls and separation, preventing unauthorized access to critical system firmware.
Intel Boot Guard
Protect critical Boot Guard signing keys in hardware security boundaries, preventing the key leakage vulnerabilities identified by Binarly's research.
BMC firmware
Secure the keys used for signing BMC firmware updates, enforcing proper separation between test and production environments.
Get started with human- and agent-centered key management
Join the early access program and transform your firmware security posture with human-centered key management.
Get early access to Goodkey