Linked by Thom Holwerda on Fri 23rd Sep 2011 22:22 UTC, submitted by kragil
Permalink for comment 490687



Member since:
2011-09-22
Really? Where did you find this out? If that's the case, Microsoft can still include multiple signatures with the boot loader -- they just have to install it with one that will work on the system in question.
Remember the people breaching the systems are already doing illegal things so breaching Microsoft to get the primary signing key is not going to worry them one bit.
Basically once the primary signing key is lost it has to be given up being used if you wish to maintain security.
Basically Microsoft will be waving a big flag to a very powerful force doing this. Even with Microsoft's resources I don't see them as having enough to stop it.
So if your solution is MS keeps on signing with the OLD key, are you saying it's suitable to leave users exposed to security risk? Hello. This is unfair and wrong.
We all know that this "secure" boot has just about nothing to do with the users' security. The only party that really stands to lose if the old key is compromised is Microsoft, but only savvy users will really be able to exploit the weakness. As such, even if the key is compromised, I doubt they'll be in a huge rush to fix it.
It's kind of like the DRM on DVD and Blu-ray. They've both been compromised, but your average user won't know how to exploit that, so the entertainment industry just keeps using the same flawed system. It's not like they really have our best interests at heart. They're just concerned with keeping a majority of users under their control, and as long as the old way keeps working somewhat effectively, they'll usually avoid changing it, since that invariably leads to users' getting locked out -- the exact opposite of what they want.
Just as a side note, it kind of looks like English might not be your first language. So as a piece of advice: Most people will be offended if you associate the word "stupid" with them. A gentler term would be "misinformed", but it seems like this is more of a miscommunication than anything else. ;-)
A key update system is mandatory when designing any system with key-based security if you wish for it to remain secure.
If this solution from Microsoft was sane there would not be this issue at all. There would be a mandatory key update system that Linux and other competitors could use. Pain in the butt for the competitors, since installing their OSes would have extra steps, i.e. since out of the box it is most likely Windows.
Yes, Microsoft would still gain a competitive advantage this way. But it would not put everyone's ass on the preferable chopping block when the key leaks. I say when, not if, because I don't believe for one minute it's going to be if.
I think I agree with this. ;-)