An update on UEFI secure boot

Posted Nov 3, 2011 4:23 UTC (Thu) by slashdot (guest, #22014)
Parent article: An update on UEFI secure boot

But... does this really enhance security that much in the real world?

Because the thing is that an unprivileged process running in Windows already cannot replace the Windows OS image with something else due to OS permissions (just like a non-root Linux user cannot just replace the kernel if the administrator did a sensible job).

And if a trojan can bypass OS permission check, then it can set itself to automatically run on boot and re-escalate every time.

Even if support for any form of autorun is dropped, it would still be possible to just infect a non-Microsoft-signed executable which the user runs very often (for instance Firefox or a game).

The only benefit I see is that installing a patch for an OS bug will be more likely to disable malware exploiting it, and while it is possible for malware to block the OS update (and make it look like it was applied), this requires substantial additional work on the part of the malware author.

BTW, this assumes that Windows 8 will refuse to load any unsigned drivers, system executables, DLLs, as well as any configuration/script file capable of loading binary code, as otherwise it's totally pointless, since you just infect those instead of the UEFI image.
I have a feeling however that they will fail to actually enforce this properly.


An update on UEFI secure boot

Posted Nov 3, 2011 6:41 UTC (Thu) by njs (guest, #40338)

As I understand it, the sole point of "secure boot" is to let you run your *virus checker* at boot time, in such a way that your virus checker can't be disabled by malware.

If you don't have a securely signed virus-checker that you run directly from your boot-loader, then all this secure boot stuff is useless, AFAICT.

An update on UEFI secure boot

Posted Nov 6, 2011 22:40 UTC (Sun) by foom (subscriber, #14868)

I was thinking it was so that a "reinstall windows" button could reliably reinstall windows from the HD, without the possibility of any rootkits getting in the way.

An update on UEFI secure boot

Posted Nov 6, 2011 22:48 UTC (Sun) by njs (guest, #40338)

Good idea. I haven't seen that in any MS literature, but I haven't looked at much either. Though, "reliably" is probably the wrong word -- you could prevent a rootkit from infecting the backup partition, but it could easily trash the backup partition so that you still had to use a traditional reinstall method.

An update on UEFI secure boot

Posted Nov 7, 2011 0:23 UTC (Mon) by mjg59 (subscriber, #23239)

That's something it allows, yes. But it also allows you to assume that nothing has modified system state before you start the kernel, which means that if the first piece of userspace you start is a virus checker you know that the answers it gets from the kernel can be trusted.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds