Matthew Garrett ([personal profile] mjg59) wrote,
@ 2012-06-06 10:32 am UTC
Entry tags:advogato, fedora
Why not just avoid the entire Secure Boot problem by using Coreboot? Because we have the Secure Boot problem in the first place because Microsoft's Windows 8 certification requirements mean vendors have to ship a UEFI implementation with Secure Boot. You could satisfy that by using Coreboot with a Tiano payload, but it would still have Secure Boot enabled, so you would still have the same set of problems. But maybe you could just reflash your system with Coreboot? No, because another part of the requirements states that all firmware updates now have to be cryptographically signed. The only way to reflash will be to attach a flash programmer directly to your motherboard.

So why not just use Coreboot? Because it doesn't help solve this problem in any way.


(Read 43 comments) - (Post a new comment)

delete the duplicate please


(Anonymous)
2012-06-08 05:08 pm UTC (link)
>>cleverly designed binary may be able to validate even though it contains unsigned code

Someone can just write and sign the bytecode interpreter. Then what? Even though the interpreter itself is not malicious it could be used for malicious purposes. Where do you draw a line? Will you ban thin hypervisors because some flaw could allow unsigned VM code to change something on the host?

>>People desperately want to believe that the Secure Boot implementation is fundamentally
>>broken, and that's just not true.

But it is true.

The Certificate Authority system is broken. Adding a 3rd party to a chain of trust reduces security by increasing the number of entities you implicitly trust. The whole CA thing is just a money raking scheme, a big boys club membership pass.

>>For starters, you'll need to provide some form of plausible ID for Verisign to
>>authenticate you and hand over access.

Yes, as if someone from Russia or China couldn't do that. Good luck trying to arrest them.

Anyway, Verisign wouldn't be the first security company that got compromised.

Verisign has been tricked into issuing certificates in Microsoft's name:
http://news.cnet.com/2100-1001-254628.html

Diginotar has been breached:
http://isc.sans.edu/diary.html?storyid=11500

RSA has been breached:
http://www.nytimes.com/2011/06/08/business/08security.html?pagewanted=all

Microsoft's own certificates were compromised a few days ago and had to be revoked, not to mention that they have allowed Flame malware to exist and do its bidding. It's almost as if that was a deliberate backdoor waiting to be exploited:
http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx

And what if someone with enough determination actually physically broke into Verisign and got the UEFI root CA, thus compromising everything? How is that going to be revoked? Will it require user consent, or will it be a silent, mandatory key update? What will happen with user-added keys? Will you trust the state of a potentially compromised system, or will you zap the key store and just load the new key? Will you have to pay again to sign with a new key?

The whole point of secure boot is not to secure our computers from malicious software (did anyone seriously believe that for one second?), but to secure software and media content that we "the pirates" might try to "steal".

Next thing, you won't be able to pass the BIOS boot screen unless the computer is online and can check for updated or revoked certificates. From that point onwards it is just a matter of months before they will silently start scanning your data and sending it to them through the out-of-band network channel.
