|
|
Log in / Subscribe / Register

Bottomley: Owning your Windows 8 UEFI Platform

Bottomley: Owning your Windows 8 UEFI Platform

Posted Feb 19, 2013 2:43 UTC (Tue) by hummassa (guest, #307)
In reply to: Bottomley: Owning your Windows 8 UEFI Platform by raven667
Parent article: Bottomley: Owning your Windows 8 UEFI Platform

The article is a Jailbreaking guide! Read one of those, re-read the article, and think!

to post comments

Bottomley: Owning your Windows 8 UEFI Platform

Posted Feb 19, 2013 5:05 UTC (Tue) by raven667 (subscriber, #5198) [Link] (1 responses)

I really don't think that this qualifies as "jailbreaking", using the standard tools to edit the system keys in the normal way, as you aren't breaking any security restrictions by doing this, you're supposed to be able to edit the keys. There is a similarity to jailbreaking guides, they both involve performing a sequence of technical steps around the early boot environment, but that's where the similarity ends.

I tried looking around for other jailbreak info for iOS but wasn't able to find much useful technical info as to what exactly the boot process is, what is broken in it to allow for an untethered jailbreak and how that is persisted across reboots. Anything that requires a USB connection or for the device to be tethered to boot isn't very interesting and isn't really the kind of threat that Secure Boot is meant to address. Secure Boot is meant to prevent remote attackers from modifying the early boot process in an undetectable way.

http://mjg59.dreamwidth.org/13061.html

A detailed comparison of different platforms such as iOS, Android, PS3, Xbox, uEFI Secure Boot would be interesting. Most of the boot locking systems have different design goals and threat models than Secure Boot so the techniques used by each may be different with different strengths and weaknesses.

Bottomley: Owning your Windows 8 UEFI Platform

Posted Feb 19, 2013 18:39 UTC (Tue) by hummassa (guest, #307) [Link]

> There is a similarity to jailbreaking guides, they both involve performing a sequence of technical steps around the early boot environment, but that's where the similarity ends.

It is all that is needed. I only see "secure" boot as effective in forcing jailbreak-like activities and steps on users that want to exercise the liberty of changing their operating system, usually for a better option for them.

It still seems to me that "secure" boot, even if succeeding in locking the core OS to be loaded -- which is doubtful at best --, does not add anything but Zero to the security of the system in general and, in particular, does not preclude the installation of programs that would steal keystrokes, passwords, or files, or that provoke unwanted hardware interactions.

If you really cannot see that, we will have to agree in disagreeing... after all, I cannot force you to be right. :-D

Bottomley: Owning your Windows 8 UEFI Platform

Posted Feb 19, 2013 9:49 UTC (Tue) by mirabilos (subscriber, #84359) [Link] (2 responses)

This does not matter. It’s a closed platform, restricted, and besides the ability to take over your own machine works only for amd64, not for ARM, if it’s Microsoft® certified.

Just boycott this crap.

Who wants a several-Mebibytes long shitload of EFI, when a BIOS is just enough to boot a proper operating system?

Bottomley: Owning your Windows 8 UEFI Platform

Posted Feb 19, 2013 17:22 UTC (Tue) by raven667 (subscriber, #5198) [Link]

You contradict yourself, machines where you control the keys are not restricted or closed...

I fully agree that it's reasonable to prefer open devices, you don't have to buy an MS Surface, get a Nexus 7 where you can replace the OS. If you don't want closed crap, don't buy it, there is a big enough market for open devices for them to remain available.

As far as EFI, I would ask which environment firmware and bootloader developers prefer, the impoverished environment of a 1980's era BIOS kernel or the more modern, comprehensive tooling of EFI (and GPT and dedicated boot partitions, etc. ad infinitum).

Bottomley: Owning your Windows 8 UEFI Platform

Posted Feb 19, 2013 18:39 UTC (Tue) by khim (subscriber, #9252) [Link]

Who wants a several-Mebibytes long shitload of EFI, when a BIOS is just enough to boot a proper operating system?

Apparently the answer is anyone who wants to use recent Intel's CPU (scroll down to Closed bits and open bits and then further to bits about Management Engine).


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds