Bottomley: Owning your Windows 8 UEFI Platform
Bottomley: Owning your Windows 8 UEFI Platform
Posted Feb 18, 2013 20:21 UTC (Mon) by raven667 (subscriber, #5198)In reply to: Bottomley: Owning your Windows 8 UEFI Platform by hummassa
Parent article: Bottomley: Owning your Windows 8 UEFI Platform
>No, it doesn't, and the proof for that is Apple's products jailbreaks. One of them used a simple crafted PDF that subverted the "secure boot" infrastructure.
Are you sure? Are you saying that there were jailbreaks that were permanent and that can't be removed or detected and that persist across reboots and upgrades of the OS? Are you sure it was the boot infrastructure that was being bypassed, rather than the OS kernel?
>> Secure boot ensures that the core OS loaded is unmodified.
>Yes. But from a security standpoint, this would ONLY be a good thing if the core OS loaded was PROVEN secure. If you load a swiss cheese of vulnerabilities, unmodified, this is a BAD thing.
That is an absurd position to take because you and I both know that the OS kernel is not and never will be "proven" secure, also this is not a claim which is being made by secure boot proponents or by the spec so to defend against claims which weren't made is the creation of a straw man on your part.
Secure Boot can only help prevent permanent, undetectable modification of the firmware and stage 1 bootloader by those not authorized by the system owner (such as malware), what the OS kernel and later code does with this known good system state is up to the implementor, usually they are going to want to push the known good state as far as they can (until arbitrary code which can be under the control of an attacker is run and re-compromises the system), by doing their own signature checking and whatnot.