Linked by Thom Holwerda on Sat 29th Dec 2012 16:37 UTC
Linux It's sad that we need this, but alas - Matthew Garret has made a list of Linux distributions that boot on Windows 8 PCs with Secure Boot enabled. Tellingly enough, the list is short. Very short. Can someone hack this nonsense into oblivion please?
Permalink for comment 546626
To read all comments associated with this story, please click here.
RE: Maleware
by saso on Sun 30th Dec 2012 01:48 UTC in reply to "Maleware"
saso
Member since:
2007-04-18

either by leakage

Possible, though highly unlikely. If MS actually operate their signing infrastructure in any sensible way (e.g. the way a public CA is operated), then the root key is only held on an HSM (Hardware Security Module) - a separate tamper-proof purpose-built machine which will never, ever give the secret key out and only execute signing for you. The recent compromises of CAs (Comodo, Diginotar) you heard about were all done by having the attackers trick the CA into signing certificates for other domains. At no point did the attackers actually get to the secret key of the root CA.

or cracking.

As far as I understand it, UEFI is built on asymmetrical cryptography. Unless it was designed by idiots, the shipped machines only contain the public key portion, so it's impossible to retrieve the secret key.

This system seems to have the potential to make the security of data on an MS system worse not better (most people do not have backups) and open new venues for extortion, and problem creating by the cracker community.

Seeing the exploit landscape of late, and please feel free to correct me, boot viruses and worms are pretty much a thing of the past. Nowadays everybody focuses on phishing and browser exploits, since that's where the real money can be made (credit card fraud, on-line banking connection hijacking, etc.). UEFI is a solution in search of a problem (that is, if you believe the official story, that it's about protecting the customer's machine from viruses, rather than protecting the machine from the customer).

Edited 2012-12-30 01:49 UTC

Reply Parent Score: 6