Linked by Thom Holwerda on Fri 23rd Sep 2011 22:22 UTC, submitted by kragil
Windows The story about how secure boot for Windows 8, part of UEFI, will hinder the use of non-signed binaries and operating systems, like Linux, has registered at Redmond as well. The company posted about it on the Building Windows 8 blog - but didn't take any of the worries away. In fact, Red Hat's Matthew Garrett, who originally broke this story, has some more information - worst of which is that Red Hat has received confirmation from hardware vendors that some of them will not allow you to disable secure boot.
Thread beginning with comment 490677
To read all comments associated with this story, please click here.
Good secuirty Required Future planining.
by oiaohm on Sun 25th Sep 2011 02:08 UTC
oiaohm
Member since:
2009-05-30

Right Microsoft idea here is stuffed.

Issue one you have a 5 year old machine in the future MS has lost the key so you system can be attacked. Yet OEM has locked you motherboard and is providing no more update. So you cannot update bootloader to fix problem. So when microsoft pushes out update to bootloader signed with new key your computer now dies.

Who thinks this is a good idea now?

Great. Stupid moron move. The system needs a way to insert new keys and disable old ones. Other wise its a bit like saying when you lose your door keys you cannot replace your house locks.

If you cannot disable MS better insist on a way to replace the approval key. This does get around the Grub issue. Since the Linux distributors or end users could produce there own signing pair. Yes makes installation annoying. Ie fat formated usb key with a approval key to upload before able to install the OS.

Key of course is make the only way to upload the key inside bios software.

Linux way is better not having a default key set.

Reply Score: 2

nonoitall Member since:
2011-09-22

Issue one you have a 5 year old machine in the future MS has lost the key so you system can be attacked. Yet OEM has locked you motherboard and is providing no more update. So you cannot update bootloader to fix problem. So when microsoft pushes out update to bootloader signed with new key your computer now dies.

I agree with you that users need to be guaranteed more control over this, but there are a couple issues with this statement.

(1) Microsoft wouldn't "lose" a key; what you're referring to is the key's being leaked. Microsoft would still have the key, but so would everyone else, and as such, anyone could sign boot loaders for the motherboards set up with that key. It would effectively nullify the security "feature" for anyone smart enough to sign an arbitrary boot loader with the leaked key.

(2) Even if the old key is leaked, Microsoft can continue to sign things with it as well as the new key(s). So chances are they would continue to sign their OS and future OSes with those keys so that people who bought locked PCs would continue to be able to install MS OSes. (Even if smart people can sign their own boot loaders with the leaked keys, the average PC user won't be able to, so it would make economical sense to keep providing upgrades that will work with the leaked keys.)

Reply Parent Score: 1

oiaohm Member since:
2009-05-30

Once boot key is leaked its over. Attackers will be able to breach all those systems.

So protection from boot breaching is basically gone as soon as MS loses control of the key.

Design only allows for UEFI only allows for a bootloader to be signed by 1 key not 2 or 3. The UEFI load system can contain more than 1 key to check boot loader against. So yes UEFI setup correctly where you can load extra keys in transition from one key to another would not require a disruption. Heck you could be creative and make it a one way process. When bios sees something using a newer key leave the old key behind.

You are stupid on one statement. Average PC user cannot create a core breaching virus either. The Key will return system breaches to what it is now. Basically the signing system is not about protecting the Average from the system is about protecting the elite from attacking systems. So signing there fake boot-loaders are going to be a walk in park.

Remember the people breaching the systems are already doing illegal things so breaching Microsoft to get the primary signing key is not going to worry them one bit.

Basically once the primary signing key is lost it has to be given up being used if you wish to maintain secuirty.

Basically Microsoft will be waving a big flag to a very powerful force doing this. Even with Microsofts resources I don't see them has having enough to stop it.

So if your solution is MS keeps on signing with the OLD key are you saying its suitable to leave users exposed to secuirty risk. Hello. This is unfair and wrong.

So forced upgrade of motherboards because someone at Microsoft carelessly lost a key so we force to buy more Microsoft software. Yes SUX major-ally this idea. Microsoft design is screwed for all end users.

Key update system is mandatory when design any system with key based secuirty if you wish for it to remain secure.

If this solution from Microsoft was sane there would not be this issue at all. There would be a mandatory key update system that Linux and other competitors could use. Pain in but for the competitors since installing their OS's would have extra steps ie since out box is most likely windows.

Yes Microsoft would still gain a competitive advantage this way. But not put everyone ass on the preferable chopping block when key leaks. I say when not if because I don't believe for one min it going to be if.

Reply Parent Score: 2