markjenkins ([personal profile] markjenkins) wrote in [personal profile] mjg59 2012-06-12 08:26 pm (UTC)

Re: Coreboot = dead soon? How is firmware flashing prevented?

Did some of my own research on this.

It looks like firmware is locked out from writes at a certain point by the boot firmware. Firmware updates that are initiated from the operating system are actually just queued up for installation by the current firmware on the next boot, and as such the current firmware does the final cryptographic checks before overwrite.

The UEFI specs provide some considerable APIs/protocols for changing stored keys and hashes but execution of these has to be done in "setup mode". It's not clear if UEFI firmwares have to provide any GUIs for actually using those APIs -- so it's all going to be vendor by vendor.

Anyone know what the Microsoft Windows 8 certification requires? Are they just asking for users to be able to turn off secure boot for other operating systems but without requiring that the GUIs allow the firmware to be reflashed and/or the keys/hashes changed?

For reference, this is one of the simple things I was looking at other than the UEFI spec itself
http://www.uefi.org/learning_center/UEFI_Plugfest_2012Q1_v3_AMI.pdf

and it notably referenced this:
http://csrc.nist.gov/publications/nistpubs/800-147/NIST-SP800-147-April2011.pdf

"""
Security guidelines are specified for four system BIOS features:
• The authenticated BIOS update mechanism, where digital signatures prevent the installation of BIOS update images that are not authentic.
• An optional secure local update mechanism, where physical presence authorizes installation of BIOS update images.
• Integrity protection features, to prevent unintended or malicious modification of the BIOS outside the authenticated BIOS update process.
• Non-bypassability features, to ensure that there are no mechanisms that allow the system processor or any other system component to bypass the authenticated update mechanism.
"""
