Microsoft Responds to Secure Boot Story, Doesn't Address Issue
Linked by Thom Holwerda on Fri 23rd Sep 2011 22:22 UTC, submitted by kragil
Windows The story about how secure boot for Windows 8, part of UEFI, will hinder the use of non-signed binaries and operating systems, like Linux, has registered at Redmond as well. The company posted about it on the Building Windows 8 blog - but didn't take any of the worries away. In fact, Red Hat's Matthew Garrett, who originally broke this story, has some more information - worst of which is that Red Hat has received confirmation from hardware vendors that some of them will not allow you to disable secure boot.
E-mail Print r 6   · Read More · 187 Comment(s) http://osne.ws/jfl
Thread beginning with comment 490679
To view parent comment, click here.
To read all comments associated with this story, please click here.
nonoitall
Member since:
2011-09-22

Issue one you have a 5 year old machine in the future MS has lost the key so you system can be attacked. Yet OEM has locked you motherboard and is providing no more update. So you cannot update bootloader to fix problem. So when microsoft pushes out update to bootloader signed with new key your computer now dies.

I agree with you that users need to be guaranteed more control over this, but there are a couple issues with this statement.

(1) Microsoft wouldn't "lose" a key; what you're referring to is the key's being leaked. Microsoft would still have the key, but so would everyone else, and as such, anyone could sign boot loaders for the motherboards set up with that key. It would effectively nullify the security "feature" for anyone smart enough to sign an arbitrary boot loader with the leaked key.

(2) Even if the old key is leaked, Microsoft can continue to sign things with it as well as the new key(s). So chances are they would continue to sign their OS and future OSes with those keys so that people who bought locked PCs would continue to be able to install MS OSes. (Even if smart people can sign their own boot loaders with the leaked keys, the average PC user won't be able to, so it would make economical sense to keep providing upgrades that will work with the leaked keys.)

Reply Parent Score: 1

oiaohm Member since:
2009-05-30

Once boot key is leaked its over. Attackers will be able to breach all those systems.

So protection from boot breaching is basically gone as soon as MS loses control of the key.

Design only allows for UEFI only allows for a bootloader to be signed by 1 key not 2 or 3. The UEFI load system can contain more than 1 key to check boot loader against. So yes UEFI setup correctly where you can load extra keys in transition from one key to another would not require a disruption. Heck you could be creative and make it a one way process. When bios sees something using a newer key leave the old key behind.

You are stupid on one statement. Average PC user cannot create a core breaching virus either. The Key will return system breaches to what it is now. Basically the signing system is not about protecting the Average from the system is about protecting the elite from attacking systems. So signing there fake boot-loaders are going to be a walk in park.

Remember the people breaching the systems are already doing illegal things so breaching Microsoft to get the primary signing key is not going to worry them one bit.

Basically once the primary signing key is lost it has to be given up being used if you wish to maintain secuirty.

Basically Microsoft will be waving a big flag to a very powerful force doing this. Even with Microsofts resources I don't see them has having enough to stop it.

So if your solution is MS keeps on signing with the OLD key are you saying its suitable to leave users exposed to secuirty risk. Hello. This is unfair and wrong.

So forced upgrade of motherboards because someone at Microsoft carelessly lost a key so we force to buy more Microsoft software. Yes SUX major-ally this idea. Microsoft design is screwed for all end users.

Key update system is mandatory when design any system with key based secuirty if you wish for it to remain secure.

If this solution from Microsoft was sane there would not be this issue at all. There would be a mandatory key update system that Linux and other competitors could use. Pain in but for the competitors since installing their OS's would have extra steps ie since out box is most likely windows.

Yes Microsoft would still gain a competitive advantage this way. But not put everyone ass on the preferable chopping block when key leaks. I say when not if because I don't believe for one min it going to be if.

Reply Parent Score: 2

nonoitall Member since:
2011-09-22

Design only allows for UEFI only allows for a bootloader to be signed by 1 key not 2 or 3.

Really? Where did you find this out? If that's the case, Microsoft can still include multiple signatures with the boot loader -- they just have to install it with one that will work on the system in question.

You are stupid on one statement. Average PC user cannot create a core breaching virus either. The Key will return system breaches to what it is now. Basically the signing system is not about protecting the Average from the system is about protecting the elite from attacking systems. So signing there fake boot-loaders are going to be a walk in park.

Remember the people breaching the systems are already doing illegal things so breaching Microsoft to get the primary signing key is not going to worry them one bit.

Basically once the primary signing key is lost it has to be given up being used if you wish to maintain secuirty.

Basically Microsoft will be waving a big flag to a very powerful force doing this. Even with Microsofts resources I don't see them has having enough to stop it.

So if your solution is MS keeps on signing with the OLD key are you saying its suitable to leave users exposed to secuirty risk. Hello. This is unfair and wrong.

We all know that this "secure" boot has just about nothing to do with the users' security. The only party that really stands to lose if the old key is compromised is Microsoft, but only savvy users will really be able to exploit the weakness. As such, even if the key is compromised, I doubt they'll be in a huge rush to fix it.

It's kind of like the DRM on DVD and Blu-ray. They've both been compromised, but your average user won't know how to exploit that, so the entertainment industry just keeps using the same flawed system. It's not like they really have our best interests at heart. They're just concerned with keeping a majority of users under their control, and as long as the old way keeps working somewhat effectively, they'll usually avoid changing it, since that invariably leads to users' getting locked out -- the exact opposite of what they want.

Just as a side note, it kind of looks like English might not be your first language. So as a piece of advice: Most people will be offended if you associate the word "stupid" with them. A gentler term would be "misinformed", but it seems like this is more of a miscommunication than anything else. ;-)

Microsoft design is screwed for all end users.

Key update system is mandatory when design any system with key based secuirty if you wish for it to remain secure.

If this solution from Microsoft was sane there would not be this issue at all. There would be a mandatory key update system that Linux and other competitors could use. Pain in but for the competitors since installing their OS's would have extra steps ie since out box is most likely windows.

Yes Microsoft would still gain a competitive advantage this way. But not put everyone ass on the preferable chopping block when key leaks. I say when not if because I don't believe for one min it going to be if.

I think I agree with this. ;-)

Reply Parent Score: 1

Read more of this thread... >