>>cleverly designed binary may be able to validate even though it contains unsigned code
Someone can just write and sign the bytecode interpreter. Then what? Even though the interpreter itself is not malicious, it could be used for malicious purposes. Where do you draw the line? Will you ban thin hypervisors because some flaw could allow unsigned VM code to change something on the host?
>>People desperately want to believe that the Secure Boot implementation is fundamentally broken, and that's just not true.
But it is true.
The Certificate Authority system is broken. Adding a third party to a chain of trust reduces security by increasing the number of entities you implicitly trust. The whole CA thing is just a money-raking scheme, a big boys' club membership pass.
>>For starters, you'll need to provide some form of plausible ID for Verisign to authenticate you and hand over access.
Yes, as if someone from Russia or China couldn't do that. Good luck trying to arrest them.
Anyway, Verisign wouldn't be the first security company that got compromised.
Verisign has been tricked into issuing certificates in Microsoft's name: http://news.cnet.com/2100-1001-254628.html
DigiNotar has been breached: http://isc.sans.edu/diary.html?storyid=11500
RSA has been breached: http://www.nytimes.com/2011/06/08/business/08security.html?pagewanted=all
Microsoft's own certificates were compromised a few days ago and had to be revoked, not to mention that they allowed the Flame malware to exist and do its bidding. It's almost as if that was a deliberate backdoor waiting to be exploited: http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft-releases-security-advisory-2718704.aspx
And what if someone with enough determination actually physically broke into Verisign and got the UEFI root CA, thus compromising everything? How is that going to be revoked? Will it require user consent, or will it be a silent, mandatory key update? What will happen with user-added keys? Will you trust the state of a potentially compromised system, or will you zap the key store and just load the new key? Will you have to pay again to sign with a new key?
The whole point of Secure Boot is not to secure our computers from malicious software (did anyone seriously believe that for one second?), but to secure software and media content that we "the pirates" might try to "steal".
Next thing, you won't be able to get past the BIOS boot screen unless the computer is online and can check for updated or revoked certificates. From that point onwards it is just a matter of months before they silently start scanning your data and sending it to them through the out-of-band network channel.
Power management, mobile and firmware developer on Linux. Security developer at Aurora. Ex-biologist. mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer. Also on Mastodon.
delete the duplicate please
Date: 2012-06-08 05:08 pm (UTC)