Linked by Thom Holwerda on Fri 23rd Sep 2011 22:22 UTC, submitted by kragil
The story about how secure boot for Windows 8, part of UEFI, will hinder the use of non-signed binaries and operating systems, like Linux, has registered at Redmond as well. The company posted about it on the Building Windows 8 blog - but didn't take any of the worries away. In fact, Red Hat's Matthew Garrett, who originally broke this story, has some more information - worst of which is that Red Hat has received confirmation from hardware vendors that some of them will not allow you to disable secure boot.
Thread beginning with comment 490680
oiaohm Member since:
2009-05-30

Once the boot key is leaked it's over. Attackers will be able to breach all those systems.

So protection from boot breaching is basically gone as soon as MS loses control of the key.

UEFI's design only allows for a bootloader to be signed by 1 key, not 2 or 3. The UEFI load system can contain more than 1 key to check the boot loader against. So yes, UEFI set up correctly, where you can load extra keys in the transition from one key to another, would not require a disruption. Heck, you could be creative and make it a one-way process. When the BIOS sees something using a newer key, leave the old key behind.

You are stupid on one statement. The average PC user cannot create a core-breaching virus either. The key will return system breaches to what it is now. Basically the signing system is not about protecting against the average user; it is about protecting against the elite attacking systems. So signing their fake boot-loaders is going to be a walk in the park.

Remember the people breaching the systems are already doing illegal things, so breaching Microsoft to get the primary signing key is not going to worry them one bit.

Basically once the primary signing key is lost, its use has to be given up if you wish to maintain security.

Basically Microsoft will be waving a big flag to a very powerful force by doing this. Even with Microsoft's resources I don't see them as having enough to stop it.

So if your solution is MS keeps on signing with the OLD key, are you saying it's suitable to leave users exposed to security risk? Hello. This is unfair and wrong.

So a forced upgrade of motherboards because someone at Microsoft carelessly lost a key, so we are forced to buy more Microsoft software. Yes, this idea SUX majorly. Microsoft's design is screwed for all end users.

A key update system is mandatory when designing any system with key-based security if you wish for it to remain secure.

If this solution from Microsoft was sane there would not be this issue at all. There would be a mandatory key update system that Linux and other competitors could use. Pain in the butt for the competitors since installing their OSes would have extra steps, i.e. since out of the box it is most likely Windows.

Yes, Microsoft would still gain a competitive advantage this way. But not put everyone's ass on the proverbial chopping block when the key leaks. I say when, not if, because I don't believe for one minute it is going to be if.

Score: 2

nonoitall Member since:
2011-09-22

> UEFI's design only allows for a bootloader to be signed by 1 key, not 2 or 3.

Really? Where did you find this out? If that's the case, Microsoft can still include multiple signatures with the boot loader -- they just have to install it with one that will work on the system in question.

> You are stupid on one statement. The average PC user cannot create a core-breaching virus either. The key will return system breaches to what it is now. Basically the signing system is not about protecting against the average user; it is about protecting against the elite attacking systems. So signing their fake boot-loaders is going to be a walk in the park.
>
> Remember the people breaching the systems are already doing illegal things, so breaching Microsoft to get the primary signing key is not going to worry them one bit.
>
> Basically once the primary signing key is lost, its use has to be given up if you wish to maintain security.
>
> Basically Microsoft will be waving a big flag to a very powerful force by doing this. Even with Microsoft's resources I don't see them as having enough to stop it.
>
> So if your solution is MS keeps on signing with the OLD key, are you saying it's suitable to leave users exposed to security risk? Hello. This is unfair and wrong.

We all know that this "secure" boot has just about nothing to do with the users' security. The only party that really stands to lose if the old key is compromised is Microsoft, but only savvy users will really be able to exploit the weakness. As such, even if the key is compromised, I doubt they'll be in a huge rush to fix it.

It's kind of like the DRM on DVD and Blu-ray. They've both been compromised, but your average user won't know how to exploit that, so the entertainment industry just keeps using the same flawed system. It's not like they really have our best interests at heart. They're just concerned with keeping a majority of users under their control, and as long as the old way keeps working somewhat effectively, they'll usually avoid changing it, since that invariably leads to users getting locked out -- the exact opposite of what they want.

Just as a side note, it kind of looks like English might not be your first language. So as a piece of advice: most people will be offended if you associate the word "stupid" with them. A gentler term would be "misinformed", but it seems like this is more of a miscommunication than anything else. ;-)

> Microsoft's design is screwed for all end users.
>
> A key update system is mandatory when designing any system with key-based security if you wish for it to remain secure.
>
> If this solution from Microsoft was sane there would not be this issue at all. There would be a mandatory key update system that Linux and other competitors could use. Pain in the butt for the competitors since installing their OSes would have extra steps, i.e. since out of the box it is most likely Windows.
>
> Yes, Microsoft would still gain a competitive advantage this way. But not put everyone's ass on the proverbial chopping block when the key leaks. I say when, not if, because I don't believe for one minute it is going to be if.

I think I agree with this. ;-)

Score: 1

oiaohm Member since:
2009-05-30

Part of the UEFI design is that you cannot probe from the OS side what keys are in the store. So yes, it will be a leap of faith at times if you try just putting up signed boot-loaders guessing what key works. This is about making attackers' lives harder.

So providing multiple copies of the bootloader is not going to cut it either. Also, once a key is breached you don't want to keep on using it, since attackers these days are after placing a bootloader before the OS so anti-malware software inside the OS cannot detect that the virus/bot/worm is there. Breached key equals exploited OS at the core.

So yes, the only way to see what keys are in there would basically be to have something in the BIOS dialogs to show you. This is also useful for techs debugging why something has gone south. Go into the BIOS, look at the keys and go "oh boy, that BIOS needs an update". If you can add keys you could just add the missing one, remove the now expired one, problem solved.

Now if you have to go by BIOS version numbers to the maker's site to find out if a particular version of Windows can be installed, it is going to be a complete pain in the butt.

nonoitall, the average user has nothing to do with why the security is being done in the first place. What has a better chance of the average user being able to cope with secure boot: having to visit a maker's site, or being able to check a page in the BIOS for what is supported? Having to check a page in the BIOS for what is supported is closer to average users' skill limits.

Many Windows machines are being exploited by malware/bot/worm/virus boot loaders that effectively render all forms of detection of infection, bar booting from different media, almost impossible.

The prime reason for this is not DRM. It's the rate of infected machines out there. Something has to be done when more and more users are getting infected and the infection is not detectable.

Breach of DVD and Blu-ray is not a major problem. Reason: what can you make a Blu-ray machine do by the breach? Nothing. What can you make a standard computer do when you breach it?

List of items:
Send spam
DDoS attack
Infect others
Steal identities
Steal a person's money and many other evils.

Basically if we want to stop the OS being infected we need auditing from boot up all the way to user applications. This is many times more effective than anti-virus software. White listing. If only white-listed stuff can work, the areas that can be infected are reduced.

Mandatory secure boot I have no problem with as long as I can add my own keys when I want to, and remove keys I know are breached.

Most of the Linux world would not care either if they can add the keys required.

Simple fact here: at the rate viruses are growing, it's getting too CPU consuming to be working by black list. Items like secure boot based on public key encryption have to come.

So secure boot provides the promise of less anti-virus scanning required.

Most important is that the implementation is sane for consumers. Microsoft's current implementation fails the sane test. It is insane to take too much control out of consumers' hands and transfer it to hardware makers.

Score: 2
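The key-store behaviour the two posters argue over above (a firmware store holding more than one trusted key, a loader carrying several signatures, and a leaked key being revoked rather than kept in use) as an added Python model; this is not code from the thread or from any UEFI implementation. The `db`/`dbx` names echo UEFI's variable names, but the `KeyStore` class, the digest-as-key-id scheme, the sample loader bytes and the tiny RSA primes are all constructed for illustration and give no real security.

```python
# Added example (not from the thread): toy model of a UEFI-style key store
# with trusted keys (db) and revoked key ids (dbx), showing key rotation and
# revocation. The RSA keys use tiny constructed primes and are not secure.
import hashlib

def make_key(p, q, e=65537):  # textbook RSA from two constructed primes
    n, phi = p * q, (p - 1) * (q - 1)
    return {"n": n, "e": e, "d": pow(e, -1, phi)}

def key_id(key):  # firmware identifies a key by a digest, not by a name
    return hashlib.sha256(f"{key['n']}:{key['e']}".encode()).hexdigest()[:16]
def digest_mod_n(image, n):
    return int.from_bytes(hashlib.sha256(image).digest(), "big") % n
def sign(key, image):  # returns a (key id, signature) pair for the image
    return key_id(key), pow(digest_mod_n(image, key["n"]), key["d"], key["n"])
def verify_one(pub, image, sig):
    return pow(sig, pub["e"], pub["n"]) == digest_mod_n(image, pub["n"])

class KeyStore:  # db = public keys the firmware trusts, dbx = key ids refused
    def __init__(self):
        self.db, self.dbx = {}, set()
    def enroll(self, key):
        self.db[key_id(key)] = {"n": key["n"], "e": key["e"]}
    def revoke(self, key):
        # Leaked key: drop it from db and pin its id in dbx so a loader
        # still signed with it is refused even if the key is ever re-added.
        self.db.pop(key_id(key), None)
        self.dbx.add(key_id(key))
    def boots(self, image, signatures):
        # A loader may carry several signatures; one valid signature from
        # a key that is in db and not in dbx is enough to boot.
        return any(kid in self.db and kid not in self.dbx
                   and verify_one(self.db[kid], image, sig)
                   for kid, sig in signatures)

def rotation_demo():
    """Enrol new key, dual-sign, revoke old key: no boot disruption."""
    old, new = make_key(1000003, 1000033), make_key(1000037, 1000039)
    loader = b"constructed bootloader image bytes"  # constructed sample
    fw = KeyStore()
    fw.enroll(old)
    results = {"old_only": fw.boots(loader, [sign(old, loader)])}
    fw.enroll(new)  # transition period: both keys trusted
    dual = [sign(old, loader), sign(new, loader)]
    results["dual_signed"] = fw.boots(loader, dual)
    fw.revoke(old)  # old key leaked: one-way step, it never comes back
    results["dual_after_revoke"] = fw.boots(loader, dual)
    results["old_after_revoke"] = fw.boots(loader, [sign(old, loader)])
    results["tampered"] = fw.boots(loader + b"!", dual)
    return results
```

Because the firmware keeps both keys during the transition, the dual-signed loader still boots after the old key is revoked, while anything signed only with the leaked key, or modified after signing, is refused.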