Authored by: Anonymous on Friday, October 12 2012 @ 12:43 AM EDT
Doesn't this mean you're pressing a key or something to continue loading every time you (re)boot a PC?
Authored by: Anonymous on Friday, October 12 2012 @ 01:56 AM EDT
My reading says that to boot an insecure kernel you need to have physical ownership of the machine. Go fer it.
Authored by: ailuromancy on Friday, October 12 2012 @ 03:04 AM EDT
The fundamental flaw in secure boot has been the set of keys installed by manufacturers and distributors. Microsoft's choice would be that only Microsoft's key should be installed, so only Microsoft get to choose what operating systems you are allowed to boot. That is clearly unacceptable to any dictatorship and well-funded state security organisation on the planet. Each of them will insist that their own keys are trusted so they can install key loggers and assorted spyware. Also, if you buy your computer from Smell, you should only be allowed to purchase upgrades from Smell. Distributor Smell can achieve this by replacing the manufacturer's key with their own.

Fortunately some organisations will not have the power to get their public keys installed. Of the rest, at least one will not have the competence to keep their secret key secret.

As a paranoid programmer, the only key I think should be installed on my computers is one I generate myself. If half my brain falls out and I decide to install Windows, I can take care to get an authentic copy of the operating system and sign the boot loader with my secret key.

The plan is to permit skilled programmers to choose which keys to install. If someone does not beat me to it, I will simplify the process so that a script kiddie can own any computer he has physical access to. You can be sure that criminals and secret agents will have such tools, so there is no harm in making them available to the person who actually bought the computer.
- Not so fast ... - Authored by: Anonymous on Friday, October 12 2012 @ 11:19 AM EDT
Authored by: DieterWasDriving on Saturday, October 13 2012 @ 12:10 PM EDT
This does break the "chain of trust", and might allow an exploit where one wasn't previously possible. You could use the signed Linux loader to load a compromised Windows system, which to the end-user would appear identical to a securely booted original system. Installing this exploit would be significant work, but it is easy to describe and understand.

I doubt this would commonly happen. Instead the first Windows exploit will compromise that UEFI system for all time. There isn't a way to say "allow everything signed with this key, except for this version". So a virus just needs to install that vulnerable version, which will pass the signed-binary check and then use the old exploit to load a compromised edit of the "current" version.

The fix is to install an updated Microsoft key on new machines and when updating the BIOS. That will be very unpopular, as it breaks all old installations including this Linux loader.
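The two posts above look at the same policy from opposite ends: ailuromancy wants only a self-generated key enrolled and the boot loader signed with it, while DieterWasDriving worries that a key-level allow list cannot refuse one old version that a still-trusted key signed. The block below is an added example, not code from Groklaw or from any firmware or distribution: a toy model of that policy in Python with a signer allow list (db) and a per-image deny list modelled on UEFI's forbidden-signature database (dbx), which is the mechanism firmware uses to revoke an individual image without revoking the key that signed it. The signature primitive is a deliberately tiny textbook RSA built from known Mersenne primes so that the block runs on the standard library alone; it stands in for the RSA-2048/Authenticode signatures real firmware checks and is not fit for any other use. The key names, loader bytes and field names are all constructed for the example.

```python
"""Toy model of a Secure Boot signing policy (constructed example).

db  : signer keys the firmware trusts
dbx : SHA-256 digests of images refused even when signed by a trusted key
The RSA here is textbook and tiny: it exists only so the policy logic
can run offline. Requires Python 3.8+ for pow(e, -1, phi).
"""
import hashlib
from dataclasses import dataclass, field

E = 65537  # public exponent shared by every toy key


def make_keypair(p: int, q: int):
    """Return (public, private) = ((n, e), (n, d)) for two primes p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(E, -1, phi)  # modular inverse of e
    return (n, E), (n, d)


def _digest_int(blob: bytes, n: int) -> int:
    """SHA-256 of the image, reduced into the toy modulus."""
    return int.from_bytes(hashlib.sha256(blob).digest(), "big") % n


def sign(private, blob: bytes) -> int:
    n, d = private
    return pow(_digest_int(blob, n), d, n)


def verify(public, blob: bytes, sig: int) -> bool:
    n, e = public
    return pow(sig, e, n) == _digest_int(blob, n)


@dataclass
class BootPolicy:
    db: dict = field(default_factory=dict)   # signer name -> public key
    dbx: set = field(default_factory=set)    # hex digests of revoked images

    def enroll_key(self, name: str, public) -> None:
        self.db[name] = public

    def revoke_image(self, image: bytes) -> None:
        """Refuse this exact image from now on, whoever signed it."""
        self.dbx.add(hashlib.sha256(image).hexdigest())

    def check(self, image: bytes, signer: str, sig: int) -> str:
        """Return 'ok' or the reason the image would be refused."""
        if hashlib.sha256(image).hexdigest() in self.dbx:
            return "refused: image is on the deny list"
        public = self.db.get(signer)
        if public is None:
            return "refused: signer key not enrolled"
        if not verify(public, image, sig):
            return "refused: signature does not verify"
        return "ok"


# Constructed keys: a vendor key and the machine owner's self-generated key.
VENDOR_PUB, VENDOR_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
OWNER_PUB, OWNER_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

# Constructed images: a loader build with a known flaw and its fixed successor.
LOADER_V1 = b"loader v1: vulnerable build"
LOADER_V2 = b"loader v2: fixed build"


def rollback_scenario() -> dict:
    """Vendor-key-only policy, before and after revoking the old image."""
    policy = BootPolicy()
    policy.enroll_key("vendor", VENDOR_PUB)
    sig_v1 = sign(VENDOR_PRIV, LOADER_V1)
    sig_v2 = sign(VENDOR_PRIV, LOADER_V2)
    before = policy.check(LOADER_V1, "vendor", sig_v1)    # old build still boots
    policy.revoke_image(LOADER_V1)                         # add its digest to dbx
    after_v1 = policy.check(LOADER_V1, "vendor", sig_v1)   # now refused
    after_v2 = policy.check(LOADER_V2, "vendor", sig_v2)   # same key, still boots
    return {"before": before, "after_v1": after_v1, "after_v2": after_v2}


def owner_key_scenario() -> dict:
    """Owner-signed loader: boots only once the owner's key is enrolled,
    and a modified image never does."""
    policy = BootPolicy()
    policy.enroll_key("vendor", VENDOR_PUB)
    sig_owner = sign(OWNER_PRIV, LOADER_V2)
    not_enrolled = policy.check(LOADER_V2, "owner", sig_owner)
    policy.enroll_key("owner", OWNER_PUB)
    enrolled = policy.check(LOADER_V2, "owner", sig_owner)
    tampered = policy.check(LOADER_V2 + b" + extra bytes", "owner", sig_owner)
    return {"not_enrolled": not_enrolled, "enrolled": enrolled, "tampered": tampered}


if __name__ == "__main__":
    print(rollback_scenario())
    print(owner_key_scenario())
```

The point of the two scenarios is the separation the posts argue about: trust in a signer (db) and trust in a particular image (dbx) are independent decisions, so revoking one vulnerable build does not require rotating the key, and enrolling an owner's key does not weaken the check on any image signed with it.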