Linked by Thom Holwerda on Wed 21st Sep 2011 22:06 UTC, submitted by kragil
Windows After the walled garden coming to the desktop operating system world, we're currently witnessing another potential nail in the coffin of the relatively open world of desktop and laptop computing. Microsoft has revealed [.pptx] that as part of its Windows 8 logo program, OEMs must implement UEFI secure boot. This could potentially complicate the installation of other operating systems, like Windows 7, XP, and Linux.
Thread beginning with comment 490306
Comment from a dumb user
by sb56637 on Thu 22nd Sep 2011 05:08 UTC
sb56637
Member since:
2006-05-11

To my uneducated mind, this sounds like the issue that people are having with some Motorola Android devices. They have locked bootloaders that don't permit any firmware not signed by Motorola to be installed. Is this approximately what Microsoft is looking to do now?

Looks like this "walled garden" concept has nothing to do with OS security, but rather with vendor security.

Reply Score: 5

RE: Comment from a dumb user
by Alfman on Thu 22nd Sep 2011 06:05 in reply to "Comment from a dumb user"
Alfman Member since:
2011-01-28

"They have locked bootloaders that don't permit any firmware not signed by Motorola to be installed. Is this approximately what Microsoft is looking to do now?"

Microsoft already does this with win vista/7 kernels. The owner is not free to install independent drivers without buying a one or two year signing key. It seems to be a deliberate attack against OSS in the windows kernel. Just after I was beginning to learn how to write kernel drivers, microsoft banned us from installing our own drivers on our own computers. They've hard-coded private keys.

"Looks like this 'walled garden' concept has nothing to do with OS security, but rather with vendor security."

Technically, it has a lot more to do with bootloader security than OS security; windows will have the same flaws as before.

It prevents unauthorized bootloaders from running. However in the context of a real attack, the installation of a malicious bootloader that secure boot would help protect against suggests that the system has already been compromised elsewhere. So secure boot would be of limited security value here.

They actually tried something similar before with TCM/Palladium, which may provide insight into what they are trying to accomplish... DRM.

As much as MS might want to block out linux, I cannot imagine any scenario where microsoft would not face serious legal repercussions if they tried. So, if I may speculate, this is about extending the kernel driver enforcement all the way back to the bootloader so that kernel jailbreaking software like this cannot work:

http://www.softpedia.com/get/Tweak/Video-Tweak/Driver-Signature-Enf...

Reply Parent Score: 3

UglyKidBill Member since:
2005-07-27

> "They have locked bootloaders that don't permit any firmware not signed by Motorola to be installed. Is this approximately what Microsoft is looking to do now?"
>
> Microsoft already does this with win vista/7 kernels. The owner is not free to install independent drivers without buying a one or two year signing key. It seems to be a deliberate attack against OSS in the windows kernel. Just after I was beginning to learn how to write kernel drivers, microsoft banned us from installing our own drivers on our own computers. They've hard-coded private keys.
>
> "Looks like this 'walled garden' concept has nothing to do with OS security, but rather with vendor security."
>
> Technically, it has a lot more to do with bootloader security than OS security; windows will have the same flaws as before.
>
> It prevents unauthorized bootloaders from running. [...]
> So, if I may speculate, this is about extending the kernel driver enforcement all the way back to the bootloader so that kernel jailbreaking software like this cannot work:
>
> http://www.softpedia.com/get/Tweak/Video-Tweak/Driver-Signature-Enf...

Maybe it will break those loaders used to bypass windows activation schemes? That alone would be of great benefit for microsoft, especially in the bottom server side of the market...

Reply Parent Score: 1

Soulbender Member since:
2005-08-18

> The owner is not free to install independent drivers without buying a one or two year signing key

Wait...WHAT? Are you saying that I, the owner of the OS copy and the owner of the physical hardware, can not install whatever drivers I want? On my own hardware? For real? What in the holy hell? Oceania and The Party have nothing on Microsoft....

Reply Parent Score: 2

RE: Comment from a dumb user
by WorknMan on Thu 22nd Sep 2011 06:54 in reply to "Comment from a dumb user"
WorknMan Member since:
2005-11-13

> To my uneducated mind, this sounds like the issue that people are having with some Motorola Android devices. They have locked bootloaders that don't permit any firmware not signed by Motorola to be installed.

Well, not just Motorola Android devices, but several different kinds of Android devices. And do you know what? Pretty much every one of them gets rooted anyway.

From my point of view, it's a good safety measure on PCs, since 99% of people would never try to boot another OS anyway. Just give people an option to unlock if they want, and make it so that you need physical access to the PC, and make it just hard enough to find so nobody could/would do it on accident.

Reply Parent Score: 2

RE[2]: Comment from a dumb user
by Alfman on Thu 22nd Sep 2011 07:23 in reply to "RE: Comment from a dumb user"
Alfman Member since:
2011-01-28

WorknMan,


"From my point of view, it's a good safety measure on PCs, since 99% of people would never try to boot another OS anyway."

Can you explain why you think it's a good safety measure? Unless I've missed something, there would only be two ways to boot a malicious bootloader/OS:

1. The system is already compromised and rooted such that the attacker was able to overwrite the bootloader/OS. In this case, chances are very high that the attacker can do whatever he pleases already with or without secure boot.

2. The user boots from external bootable media like a cd/thumbdrive.

If secure boot is going to prevent 99% of bootable media from booting anyways (seeing as most of us won't be able to get them signed), then I question the need for disabling external booting via secure boot instead of simply disabling external booting outright by default?


"Just give people an option to unlock if they want, and make it so that you need physical access to the PC, and make it just hard enough to find so nobody could/would do it on accident."

I agree that the ability to disable secure boot would be one option. Better yet would be to allow owners to control the keys on their own systems such that they could actually use secure boot with alternative operating systems. There is no reason for this feature to be hard coded for use by microsoft/manufacturers (other than to shift control to them).

Edited 2011-09-22 07:31 UTC

Reply Parent Score: 2

RE[2]: Comment from a dumb user
by bert64 on Thu 22nd Sep 2011 10:45 in reply to "RE: Comment from a dumb user"
bert64 Member since:
2007-04-23

This should not be something that is configured by the manufacturer or software vendor...
It should be up to the purchaser of the hardware, be it an end user or a corporation, to load their trusted keys into the firmware.

If the keys are provided by someone else then it does little to help corporate security, as an attacker could just boot their own copy of a signed OS.

Similarly, using CAs is not a good idea; look at the recent hacks against various CAs...

Corporations should maintain their own internal CA, and keep the private key secure, that way their workstations would only be able to load software signed by the corporate key. Remember any given corporation will decide what software it wants to run, and won't be happy having that dictated by a third party who holds the signing keys.

Changing the key should require the setting of a hardware jumper, and the execution of an EFI based key management tool signed by one of the currently trusted keys.

Yes, this would provide a method to brick hardware if you lose the keys or load an invalid one, and since the devices are under user control there would always be a way round it even if that required hardware mods.

Reply Parent Score: 4
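The owner-controlled key model that bert64 sketches above (and that Alfman asks for a few comments earlier) can be shown concretely. The following Go program is an added example written for this page; it is not code from any commenter, from OSnews, or from any firmware vendor. It is a toy model: the `TrustStore`, `BootImage`, `EnrollRequest` and `Enroll` names, the `jumperSet` flag standing in for a physical-presence jumper, and all key IDs and image bodies are constructed for illustration and do not correspond to UEFI's real key variables or signature formats. It uses Ed25519 from the Go standard library and walks through bert64's two points: a store holding only the vendor's key boots any vendor-signed OS regardless of who brought it, while a store holding only the purchaser's key boots only what the purchaser signed; and adding a key requires both the jumper and a request signed by a key that is already trusted.

```go
package main

import (
	"crypto/ed25519"
	"errors"
)

// TrustStore is a toy model of the firmware's enrolled-key list (hypothetical, not UEFI's real layout).
type TrustStore struct {
	keys map[string]ed25519.PublicKey
}
// BootImage is a bootloader/OS image with its shipped signature and claimed signer ID.
type BootImage struct {
	Body  []byte
	Sig   []byte
	KeyID string
}

// VerifyBoot is the check the firmware runs before handing control to the image.
func (ts *TrustStore) VerifyBoot(img BootImage) error {
	pk, ok := ts.keys[img.KeyID]
	if !ok || !ed25519.Verify(pk, img.Body, img.Sig) {
		return errors.New("boot refused: not signed by an enrolled key")
	}
	return nil
}

// EnrollRequest adds a key; it must be signed by an already-trusted key, with physical presence asserted.
type EnrollRequest struct {
	NewKeyID, SignerID string
	NewKey             ed25519.PublicKey
	Sig                []byte // signature over enrollPayload(NewKeyID, NewKey)
}

func enrollPayload(id string, pk ed25519.PublicKey) []byte {
	return append([]byte(id+"\x00"), pk...)
}
func (ts *TrustStore) Enroll(req EnrollRequest, jumperSet bool) error {
	if !jumperSet {
		return errors.New("enroll refused: physical presence not asserted")
	}
	signer, ok := ts.keys[req.SignerID]
	if !ok || !ed25519.Verify(signer, enrollPayload(req.NewKeyID, req.NewKey), req.Sig) {
		return errors.New("enroll refused: request not signed by a trusted key")
	}
	ts.keys[req.NewKeyID] = req.NewKey
	return nil
}

func genKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	if err != nil {
		panic(err) // entropy failure; nothing sensible to do in a demo
	}
	return pub, priv
}
func signImage(body []byte, keyID string, priv ed25519.PrivateKey) BootImage {
	return BootImage{Body: body, Sig: ed25519.Sign(priv, body), KeyID: keyID}
}

// ScenarioResult records which policy outcomes held in RunScenario.
type ScenarioResult struct {
	VendorStoreBootsAttackerMedia bool // vendor-only store boots any vendor-signed OS, whoever brought it
	OwnerStoreRefusesVendorMedia  bool
	OwnerStoreBootsOwnerImage     bool
	TamperedImageRefused          bool
	EnrollWithoutJumperRefused    bool
	EnrollByUntrustedKeyRefused   bool
	EnrollByOwnerAccepted         bool
	RotatedKeyBootsAfterEnroll    bool
}
// RunScenario compares a vendor-controlled store with an owner-controlled one using constructed keys and images.
func RunScenario() ScenarioResult {
	vendorPub, vendorPriv := genKey()
	ownerPub, ownerPriv := genKey()
	rotatedPub, rotatedPriv := genKey()
	// The "attacker media" is a genuine vendor-signed OS on a thumb drive; nothing about it is forged.
	attackerMedia := signImage([]byte("vendor OS installer (constructed)"), "vendor", vendorPriv)
	ownerImage := signImage([]byte("corporate OS build (constructed)"), "corp", ownerPriv)
	var r ScenarioResult
	vendorStore := &TrustStore{keys: map[string]ed25519.PublicKey{"vendor": vendorPub}}
	r.VendorStoreBootsAttackerMedia = vendorStore.VerifyBoot(attackerMedia) == nil
	ownerStore := &TrustStore{keys: map[string]ed25519.PublicKey{"corp": ownerPub}}
	r.OwnerStoreRefusesVendorMedia = ownerStore.VerifyBoot(attackerMedia) != nil
	r.OwnerStoreBootsOwnerImage = ownerStore.VerifyBoot(ownerImage) == nil
	tampered := BootImage{Body: append([]byte("X"), ownerImage.Body[1:]...), Sig: ownerImage.Sig, KeyID: "corp"}
	r.TamperedImageRefused = ownerStore.VerifyBoot(tampered) != nil
	rotate := EnrollRequest{NewKeyID: "corp-2012", SignerID: "corp", NewKey: rotatedPub,
		Sig: ed25519.Sign(ownerPriv, enrollPayload("corp-2012", rotatedPub))}
	r.EnrollWithoutJumperRefused = ownerStore.Enroll(rotate, false) != nil
	vendorPush := EnrollRequest{NewKeyID: "vendor", SignerID: "vendor", NewKey: vendorPub,
		Sig: ed25519.Sign(vendorPriv, enrollPayload("vendor", vendorPub))}
	r.EnrollByUntrustedKeyRefused = ownerStore.Enroll(vendorPush, true) != nil
	r.EnrollByOwnerAccepted = ownerStore.Enroll(rotate, true) == nil
	rotated := signImage([]byte("corporate OS build, rotated key (constructed)"), "corp-2012", rotatedPriv)
	r.RotatedKeyBootsAfterEnroll = ownerStore.VerifyBoot(rotated) == nil
	return r
}
```

The design point is in `Enroll`: because the store only accepts a new key when the request is signed by a key it already trusts and the jumper is set, neither a remote attacker nor a vendor can push a key into the purchaser's store, while the purchaser can still rotate keys (here from `corp` to `corp-2012`) without bricking the machine. The `TamperedImageRefused` case is the basic property Alfman describes, that an unauthorized or modified bootloader does not run; the vendor-store case is bert64's caveat that a vendor-held key does not stop someone booting their own copy of a vendor-signed OS.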