Linked by Howard Fosdick on Thu 6th Dec 2012 05:26 UTC
OSNews, Generic OSes With computers now shipping with UEFI Secure Boot enabled, users of any OS other than Windows 8 will want to know how to circumvent it. Jesse Smith of DistroWatch tells how he did it here. The Linux Foundation describes its approach here. If you want to boot an OS other than Windows 8, you'll want to figure this out before you buy that new computer.
Permalink for comment 544506
To read all comments associated with this story, please click here.
RE[3]: Fedora Shim
by ssokolow on Fri 7th Dec 2012 13:01 UTC in reply to "RE[2]: Fedora Shim"
ssokolow
Member since:
2010-01-21

Alfman posted...
"This is another reason I hate microsoft's secure boot design. Even if they had the best of intentions, it creates a single point of failure. One bug or leak breaks everybody's secure boot security worldwide. It just reaffirms how secure boot has been designed for 3rd party control rather than security.


Which is exactly why the hacking scene needs to get on breaking this single point of failure as hard and spectacularly as they can, then release something that crashes every system running "secure boot" in such a way to make it clear that it is worse than useless at what it was ostensibly designed to do. Better yet it needs to crash the hardware in such a way the OEMs are liable and it costs them enough pain they instinctively shy away from any future types of such systems. Maybe then it would make the whole thing go away again...

--bornagainpenguin
"

Shouldn't be too hard when you have a modular firmware that's essentially an OS unto itself. (as complex as an OS kernel, high-level programming interface, standard library of helper functions, its own drivers for things like the network card, facilities for storing what (depending on the vendor) could potentially be megabytes of data in on-motherboard non-volatile storage, etc.)

I'm hoping for the day when a piece of malware comes out that waits for its creator to inform it of a 0-day exploit, then exploits Windows and UEFI to set up shop as a UEFI rootkit and resist all attempts to remove it without desoldering the flash chip and replacing it.

It'd be a fiasco worse than the Intel FDIV bug and it's completely possible because:

1. Every motherboard manufacturer is using Intel's reference implementation of UEFI with their own modules added in. It's effectively a monoculture like Windows. Hardware variations don't really matter.

2. They discover new bugs in the reference implementation quite often. It's like Windows in that way too.

Edited 2012-12-07 13:11 UTC

Reply Parent Score: 5