
An update on UEFI secure boot

Posted Oct 27, 2011 13:50 UTC (Thu) by simlo (guest, #10866)
Parent article: An update on UEFI secure boot

I think people are missing the big issue here:

The issue is not if you will end up buying machines where you can't boot Linux because secure boot can't be switched off. That will not happen, among other things, due to anti-trust issues.

No, the problem is that secure boot is the first in the chain against "trusted computing." I.e. to play your media files you have to have booted a trusted OS which only allows trusted software to open your files. Later on your bank will require you to use a trusted OS to do net-banking. Then all kinds of services will require it. Then the ISPs will require it for you to access the internet at all. Then states will require it to make sure you can't access child porn, bomb manuals etc. We all know where that road leads...


An update on UEFI secure boot

Posted Oct 27, 2011 14:20 UTC (Thu) by zonker (subscriber, #7867) [Link]

That could be - but I don't think that's what MSFT is aiming for here. I think they're primarily targeting "greymarket" Windows. But maybe you're right...

An update on UEFI secure boot

Posted Oct 27, 2011 15:28 UTC (Thu) by raven667 (subscriber, #5198) [Link]

That's true, but we have to be careful that the secure boot infrastructure isn't misused, through incompetence or apathy, such that we have to resort to jail-breaking and other potentially illegal activity just to run our own software. This whole discussion started because a naive implementation of the MS Win8 Logo requirements could leave competitive systems on the Desktop out in the cold, and MS isn't overflowing with concern about what happens outside their ecosystem.

An update on UEFI secure boot

Posted Oct 27, 2011 14:23 UTC (Thu) by mjg59 (subscriber, #23239) [Link]

Secure boot is not trusted boot. It's impossible for any OS using it to know that it booted via a trusted path.

An update on UEFI secure boot

Posted Oct 27, 2011 15:05 UTC (Thu) by simlo (guest, #10866) [Link]

Let me see if I understand it correctly:

We have a boot chain:

firmware -> bootloader -> OS -> applications -> server

Each has some built-in certificates to verify from left to right: the firmware has a certificate for the bootloader, the bootloader has certificate(s) for the kernel, etc. In secure boot, if the signature doesn't match, stop the boot process.

To have "trusted computing" you also need to be able to verify from right to left: the server shall be able to see that the application is correctly signed.

So to interpret the difference between secure boot and trusted computing:
The firmware can tell the bootloader that it was correctly signed. The bootloader can tell the OS etc. But the bootloader can lie to you in "secure boot": secure boot might actually have been turned off in the firmware, but the bootloader has also been changed to lie to the OS that it was correctly signed.
Or the user can tell the server that the stack is correctly signed, because there is no way the server can verify it.

If that is the case, where is the security? It should be "simple" to either manipulate the firmware to switch off secure boot on specific systems, or trick the user into doing so, while flipping the bits in the bootloader, OS etc. It is harder to install malware on such a system, but far from impossible if you know which bits to flip - and hackers do. The only real thing which makes it harder is to figure out how to disable secure boot on many different versions of the firmware. I bet you can manipulate the setting from software, if you know how.

An update on UEFI secure boot

Posted Oct 27, 2011 15:15 UTC (Thu) by mjg59 (subscriber, #23239) [Link]

The security comes from the requirement that the user enter the BIOS to disable the feature. If the firmware is implemented in such a way that you can modify this from the OS then it's obviously circumventable, but the design is intended to be such that this is impossible.

An update on UEFI secure boot

Posted Oct 27, 2011 23:50 UTC (Thu) by giraffedata (subscriber, #1954) [Link]

The bootloader can tell the OS [that it was correctly signed] etc. But the bootloader can lie to you in "secure boot":

Not quite. The bootloader can't tell the OS that it was correctly signed and the OS can't ask. Implementing that function would be ridiculous, since the bootloader could lie. It would be like a prostitute asking a potential client if he is a cop.

That's the difference between secure boot and trusted computing. With trusted computing, the program can determine it is running on a platform the program trusts; with secure boot, the user can ensure everything running on his computer is something he trusts.
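
The two directions simlo and giraffedata are contrasting above can be made concrete in code. The following is an added example, not code from any poster or from the article: a toy chain `firmware -> bootloader -> OS -> application` where each stage carries an embedded public key for the next one and the boot halts on a signature mismatch (the left-to-right check), next to a model of the right-to-left check the thread calls "trusted computing", which I am assuming here means measured boot with a hardware-held register and a quote key (the TPM-style mechanism); that assumption, the Ed25519 keys, the `Stage` struct and the image strings are all constructed for the example and are not UEFI's real formats.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Stage is one link of firmware -> bootloader -> OS -> application. Sig signs
// Image with the key whose public half the previous stage embeds; NextKey is
// what this stage uses to check the one after it. (Constructed model.)
type Stage struct {
	Name    string
	Image   []byte
	Sig     []byte
	NextKey ed25519.PublicKey
}

// SecureBoot verifies left to right and halts at the first bad signature.
// It returns the stages that were allowed to run.
func SecureBoot(firmwareKey ed25519.PublicKey, chain []Stage) ([]string, error) {
	var booted []string
	key := firmwareKey
	for _, st := range chain {
		if !ed25519.Verify(key, st.Image, st.Sig) {
			return booted, fmt.Errorf("secure boot halted at %s: signature mismatch", st.Name)
		}
		booted = append(booted, st.Name)
		key = st.NextKey
	}
	return booted, nil
}

// extend is the measurement step H(pcr || H(image)), shared by hardware and verifier.
func extend(pcr [32]byte, image []byte) [32]byte {
	h := sha256.Sum256(image)
	return sha256.Sum256(append(append(make([]byte, 0, 64), pcr[:]...), h[:]...))
}

// MeasuredBoot models the right-to-left direction: a register that software
// can only extend, never set, and a quote key that never leaves the hardware.
type MeasuredBoot struct {
	pcr      [32]byte
	quoteKey ed25519.PrivateKey
}

func genKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Extend records a stage before it runs, whether or not it was signed.
func (m *MeasuredBoot) Extend(image []byte) { m.pcr = extend(m.pcr, image) }

// Quote signs the register together with a verifier nonce, so a clean value
// from an earlier boot cannot be replayed.
func (m *MeasuredBoot) Quote(nonce []byte) ([32]byte, []byte) {
	return m.pcr, ed25519.Sign(m.quoteKey, append(append([]byte{}, m.pcr[:]...), nonce...))
}

// RemoteVerify is the server: check the hardware's signature, then compare
// the register with the value recomputed from known-good images.
func RemoteVerify(quotePub ed25519.PublicKey, nonce []byte, pcr [32]byte, sig []byte, golden [][]byte) error {
	if !ed25519.Verify(quotePub, append(append([]byte{}, pcr[:]...), nonce...), sig) {
		return errors.New("quote signature invalid")
	}
	var want [32]byte
	for _, img := range golden {
		want = extend(want, img)
	}
	if pcr != want {
		return errors.New("measurement does not match the known-good chain")
	}
	return nil
}

// AttestBoot boots `running` with secure boot switched off (nothing is
// checked), lets the OS assert that it booted cleanly, and then has a server
// ask the hardware instead of taking the software's word for it.
func AttestBoot(running, golden []Stage) (selfReportAccepted bool, remoteErr error) {
	quotePub, quotePriv := genKey()
	hw := &MeasuredBoot{quoteKey: quotePriv}
	for _, st := range running {
		hw.Extend(st.Image)
	}
	nonce := make([]byte, 16)
	if _, err := rand.Read(nonce); err != nil {
		panic(err)
	}
	pcr, sig := hw.Quote(nonce)
	var goldenImages [][]byte
	for _, st := range golden {
		goldenImages = append(goldenImages, st.Image)
	}
	// The self-report is just a flag any bootloader or OS can set to true;
	// the server has no way to check it, which is giraffedata's point.
	return true, RemoteVerify(quotePub, nonce, pcr, sig, goldenImages)
}

// BuildChain signs constructed images: firmware key -> bootloader key -> OS key.
func BuildChain() (ed25519.PublicKey, []Stage) {
	fwPub, fwPriv := genKey()
	blPub, blPriv := genKey()
	osPub, osPriv := genKey()
	bl, krn, app := []byte("bootloader v1"), []byte("kernel v1"), []byte("app v1") // constructed
	return fwPub, []Stage{
		{"bootloader", bl, ed25519.Sign(fwPriv, bl), blPub},
		{"OS", krn, ed25519.Sign(blPriv, krn), osPub},
		{"application", app, ed25519.Sign(osPriv, app), nil},
	}
}
```

With secure boot on, a patched bootloader fails `SecureBoot` before anything runs. With secure boot off, the same patched bootloader runs and can report whatever it likes, but its image was still measured into the register, so `RemoteVerify` rejects the quote while a clean chain passes: that is the verification "from right to left" the thread is asking for, and it needs a key the software stack cannot reach.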

An update on UEFI secure boot

Posted Nov 20, 2011 20:51 UTC (Sun) by oak (guest, #2786) [Link]

That's where DRM comes in. The content is encrypted so that only your firmware, which has the correct keys, can decrypt it. Firmware will do that only if boot was secured. "Content" can be anything: a challenge from your internet bank, a video stream, code loaded on game startup, etc.

An update on UEFI secure boot

Posted Nov 20, 2011 21:11 UTC (Sun) by mjg59 (subscriber, #23239) [Link]

Given the way UEFI works, it'd be trivial for you to extract the decryption key in any such scenario.

An update on UEFI secure boot

Posted Oct 27, 2011 15:36 UTC (Thu) by raven667 (subscriber, #5198) [Link]

The issue is not if you will end up buying machines where you can't boot Linux because secure boot can't be switched off. That will not happen, among other things, due to anti-trust issues.

I think that is a real concern, not because of any malice on MS's or the hardware vendors' part but just due to apathy about non-MS desktop systems. It would be easy to load the MS keys into the hardware, flip on the secure-boot feature and not bother to make a UI for loading your own keys or turning the feature off, locking the hardware to only run Win8 (and possibly some OEM version of Win7 that's signed). That's not saying there wouldn't be vendors who do allow key modification or even cater to the Linux market, but there was a real danger of the PC market getting locked up in the name of security and turning people into criminals who have to jail-break their machines.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds