@PeterCxy It does span multiple different signing keys (is this what you meant?). Why does this make it more likely that some attacker managed to exfiltrate all those keys as opposed to an attacker managing to get something signed with all of them?
@robryk@qoto.org Sorry I misunderstood "misuse". Yes, it is entirely possible that someone was just able to get something signed with all of them.
@robryk@qoto.org Well it spans multiple manufacturers and SoC vendors so I don't see it as misuse, at least not so likely...