Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Chat about just about anything else
Post Reply
User avatar
eatenimpinia
Level 3
Level 3
Posts: 146
Joined: Thu Sep 10, 2015 9:29 pm

Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Post by eatenimpinia »

Well, this is interesting. From:

http://arstechnica.com/security/2016/08 ... olden-key/
Microsoft has inadvertently demonstrated the intrinsic security problem of including a universal backdoor in its software after it accidentally leaked its so-called "golden key"—which allows users to unlock any device that's supposedly protected by Secure Boot, such as phones and tablets.

The key basically allows anyone to bypass the provisions Microsoft has put in place ostensibly to prevent malicious versions of Windows from being installed, on any device running Windows 8.1 and upwards with Secure Boot enabled.

And while this means that enterprising users will be able to install any operating system—Linux, for instance—on their Windows tablet, it also allows bad actors with physical access to a machine to install bootkits and rootkits at deep levels. Worse, according to the security researchers who found the keys, this is a decision Microsoft may be unable to reverse.
Last edited by eatenimpinia on Thu Aug 11, 2016 12:03 pm, edited 1 time in total.
Distro: (back to) Linux Mint 17.3 Rosa, Kernel: 4.4.0-51-generic x86_64 (64 bit), Desktop: Cinnamon 2.8.8

User avatar
Fred Barclay
Level 12
Level 12
Posts: 4215
Joined: Sat Sep 13, 2014 11:12 am
Location: Swimming

Re: Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Post by Fred Barclay »

Imagine that! :lol:

What I can't figure out is how to get a copy of the "golden key." If it's legal to get, I'd sure like to get my paws on one for future use (in case I have to force-disable Secure Boot.)
Image
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein

User avatar
eatenimpinia
Level 3
Level 3
Posts: 146
Joined: Thu Sep 10, 2015 9:29 pm

Re: Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Post by eatenimpinia »

I wonder if all the Linux distributions can embed it.
Distro: (back to) Linux Mint 17.3 Rosa, Kernel: 4.4.0-51-generic x86_64 (64 bit), Desktop: Cinnamon 2.8.8

User avatar
BG405
Level 7
Level 7
Posts: 1978
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Post by BG405 »

It's about time! Locking hardware to their OS is not something I find acceptable at all without signing an agreement, by choice, when you buy the hardware at a subsidized price. Once you'fve bought it, it's no longer MS's property. Reminds me of the hobbling they did to a lot of netbooks allowing a maximum of 2GB RAM.

The cell phone manufacturers are apparently no longer allowed to lock their handsets to specific networks (in the UK at least) so why is it deemed OK for computer manufacturers to do this? Oh, of course. It's so MS can continue data-mining.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Lenovo T440 8GB - Manjaro KDE with Mint VMs
Toshiba NB250 - Manjaro KDE------------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

User avatar
Reorx
Level 11
Level 11
Posts: 3933
Joined: Tue Jul 07, 2009 7:14 pm
Location: SE Florida, USA

Re: Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Post by Reorx »

Fred Barclay wrote:Imagine that! :lol:

What I can't figure out is how to get a copy of the "golden key." If it's legal to get, I'd sure like to get my paws on one for future use (in case I have to force-disable Secure Boot.)
Try HERE (while supplies last! :lol: ). (Side bet - how long before the link becomes non-functional / error 404? My SWAG - 37 hours!)

Also - there is more info in the referenced article by the OP... I think it's worth reading the whole article. Note this at the end of the article >>> "This story was updated to clarify the nature of the "golden key," which isn't technically a key at all."
Full time Linux Mint user since 2011 - Currently running LM19 Cinnamon.

Image Image

User avatar
MintBean
Level 9
Level 9
Posts: 2967
Joined: Fri Aug 07, 2015 6:54 am
Location: Blighty

Re: Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Post by MintBean »

Good- I'm glad. What right does an OS manufacturer have to appoint themselves judge and jury as to what other OS' may be installed on a piece of computer hardware?

User avatar
Portreve
Level 8
Level 8
Posts: 2450
Joined: Mon Apr 18, 2011 12:03 am
Location: Florida
Contact:

Re: Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Post by Portreve »

So, first off, what Richard Stallman and others have been saying for years is now pretty much demonstrated: there absolutely are back-doors in Microsoft's OS products (at least) and in the middleware they've promulgated to hardware vendors.

There's no way in hell I will ever buy a computer, or recommend another person buy one, which is locked or restricted.

Methinks System76 should jump at the chance to market on this particular point.
Please be polite and remember to mark your fixed problem [SOLVED].

Presently running Linux Mint Cinnamon 19.3.

Know when what you're doing is trying to fit a square peg in a round hole, and STOP.

Still looking for a new job.

User avatar
Chiefahol
Level 4
Level 4
Posts: 473
Joined: Thu Jun 11, 2015 12:32 am

Re: Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Post by Chiefahol »

What does this mean for people running secure boot with windows? Are we all going to get owned by random hackers now?
Donate to your favourite distros!

User avatar
Fred Barclay
Level 12
Level 12
Posts: 4215
Joined: Sat Sep 13, 2014 11:12 am
Location: Swimming

Re: Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Post by Fred Barclay »

Chiefahol wrote:What does this mean for people running secure boot with windows? Are we all going to get owned by random hackers now?
I don't think so. IIRC, secure boot only handles which OSes can (or cannot) be loaded through UEFI. It doesn't have any real relevance to the OS itself once that has booted past the very first stages. So "unlocking" Secure Boot this way will only allow you to boot OSes that aren't signed by Microsoft, not take control of the machine.
(I believe Secure Boot also made it harder for a certain type of rootkit to actually work, but I could be mistaken.)

Most Mint users with Secure Boot probably already have it turned off, meaning that this leak has no effect on them.

Finally, actually applying this "golden key" or whatnot, currently means an attacker has to have physical access to your machine. And as we all know, physical access = game over. The "golden key" won't magically open doors that can't be opened in other, more conventional ways that any self-respecting attacker (with physical access to your machine) should already know.

That's the way I see it, anyways. The real beneficiaries of this are us, not crackers.
Image
"Once you can accept the universe as matter expanding into nothing that is something, wearing stripes with plaid comes easy."
- Albert Einstein

User avatar
Lucap
Level 5
Level 5
Posts: 919
Joined: Tue May 24, 2016 1:40 am

Re: Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Post by Lucap »

In the past i've never really cared for this Microsoft vs Linux argument and have pretty much stayed out of the windows bashing but since version 8 onwards i've started to develop a a strong dislike towards Microsoft's " Our way or no way " attitude.

Habitual
Level 13
Level 13
Posts: 4865
Joined: Sun Nov 21, 2010 8:31 pm
Location: 0.0.0.0

Re: Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Post by Habitual »

Fred Barclay wrote:And as we all know, physical access = game over.
People worry about the wrong things.

User avatar
BG405
Level 7
Level 7
Posts: 1978
Joined: Fri Mar 11, 2016 3:09 pm
Location: England

Re: Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open

Post by BG405 »

I wonder if this will solve the difficulty trying to boot Mint on my Linx 7 tablet? Though that does work, eventually, after adding the bootia32.efi file to EFI/BOOT/ as it is 64-bit architecture but has 32-bit UEFI :) And my mate's HP Pavilion, which did something to the USB necessitating a rewrite on the one occasion I got it to boot.
Dell Inspiron 1525 - LM17.3 CE 64-------------------Lenovo T440 8GB - Manjaro KDE with Mint VMs
Toshiba NB250 - Manjaro KDE------------------------K7S5A AMD 1.2GHz - LM17.3 Xfce 32 & WinXP-Pro
Acer Aspire E11 ES1-111M - LM18.2 KDE 64 ----Dell PII 350 64MB - Puppy 4.3 & Win98-SE

Post Reply

Return to “Open chat”