Linked by Thom Holwerda on Mon 4th Feb 2013 22:10 UTC
Google "People are, unsurprisingly, upset that Microsoft have imposed UEFI Secure Boot on the x86 market. A situation in which one company gets to determine which software will boot on systems by default is obviously open to abuse. What's more surprising is that many of the people who are upset about this are completely fine with encouraging people to buy Chromebooks. Out of the box, Chromebooks are even more locked down than Windows 8 machines." Good point.
Permalink for comment 551456
To read all comments associated with this story, please click here.
Brendan
Member since:
2005-11-16

Hi,

MBR viruses have been a dead horse for at least 10-15 years now, ever since the web browser and its plugins became a much more lucrative target for malware. Please note that SecureBoot in no way prevents rootkits or kernel exploits - it's still the responsibility of the OS to verify all code it loads.


To install an MBR boot virus you'd need write access to the MBR (and it's extremely easy to detect if that sector has been modified). Also, the MBR boot virus would need to run in real mode while all sane OSs switch to protected mode (or long mode) and discard all of the real mode code, so an MBR virus can't easily do anything after the OS has booted. These are the things that makes an MBR boot virus a waste of time.

For UEFI, everything typically sits on a big FAT partition with no security whatsoever; and various parts of UEFI remain (and may be executed as privileged code) after the OS boots. These things combined mean that (without secure boot) UEFI is a massive security disaster.

Secure boot is an attempt to fix UEFI's huge gaping security holes. It's very necessary.

The problem is who manages the keys. The EFI/UEFI specifications should have required that the computer's owner has complete control over all keys; and that OEMs, OS providers and the current user (if they aren't also the computer's owner - e.g. "disgruntled employee") has no control of any keys at all.

- Brendan

Reply Parent Score: 7