mjg59
Since there are probably going to be some questions about this in the near future:

The UEFI secure boot protocol is part of recent UEFI specification releases. It permits one or more signing keys to be installed into a system's firmware. Once enabled, secure boot prevents executables or drivers from being loaded unless they're signed by one of these keys (the allowed list, held in the firmware's db variable, may also contain hashes of individual binaries). Another set of keys, the Key Exchange Keys (KEK, referred to as "Pkek" in the comments below), authorises updates from an OS to these lists in the firmware. An OS holding the private half of a KEK that matches one enrolled in the firmware may add additional keys to the whitelist. Alternatively, it may add keys to a blacklist (the dbx variable). Binaries signed with a blacklisted key will not load, and the blacklist is consulted before the whitelist, so a blacklist entry wins even if the whitelist would otherwise permit the binary.
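As an added example (my own toy model, not code from the original post and not the UEFI reference implementation), the following Python models the whitelist/blacklist logic just described. It assumes the UEFI variable names db (allowed) and dbx (forbidden), and that the keys the post calls "Pkek" are the Key Exchange Keys that must sign any db or dbx update. The key names, image names and the RSA routine are constructed for illustration; real firmware stores X.509 certificates in EFI_SIGNATURE_LISTs and checks Authenticode signatures over PE/COFF images.

```python
"""Toy model of UEFI secure boot signature databases (db / dbx) and KEK-authorised updates.
Illustrative only: a "certificate" here is a toy RSA public key and an "image" is a byte string.
The RSA below (random 256-bit primes, no padding) is NOT cryptographically safe; it exists
solely so the allow/deny logic runs offline.  Requires Python 3.8+ (pow(e, -1, m))."""
import hashlib
import secrets


def _is_probable_prime(n, rounds=32):
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):                      # Miller-Rabin
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(c):
            return c


class Key:
    """Toy RSA keypair; public() is what would sit inside a certificate."""
    E = 65537

    def __init__(self, bits=512):
        while True:
            p, q = _random_prime(bits // 2), _random_prime(bits // 2)
            phi = (p - 1) * (q - 1)
            if p != q and phi % self.E:
                break
        self.n, self.d = p * q, pow(self.E, -1, phi)

    def public(self):
        return (self.n, self.E)

    def sign(self, data):
        return pow(int.from_bytes(hashlib.sha256(data).digest(), "big"), self.d, self.n)


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(data).digest(), "big")


def cert_id(pub):
    """Stand-in for a certificate's identity (real firmware compares the X.509 DER)."""
    n, e = pub
    return hashlib.sha256(n.to_bytes(64, "big") + e.to_bytes(4, "big")).digest()


def entry_blob(entry):
    """Canonical bytes a KEK holder signs to authorise adding `entry` to db or dbx."""
    return entry[0].encode() + b":" + entry[1]


class Firmware:
    """Secure boot variables. db / dbx hold ("x509", cert_id) or ("sha256", image_hash) entries."""

    def __init__(self, kek_pubs):
        self.kek_pubs = list(kek_pubs)          # enrolled Key Exchange Keys ("Pkek" in the post)
        self.db, self.dbx = set(), set()

    def _authorised(self, entry, sig):
        return any(verify(k, entry_blob(entry), sig) for k in self.kek_pubs)

    def update_db(self, entry, sig):
        if not self._authorised(entry, sig):
            raise PermissionError("db update not signed by an enrolled KEK")
        self.db.add(entry)

    def update_dbx(self, entry, sig):
        if not self._authorised(entry, sig):
            raise PermissionError("dbx update not signed by an enrolled KEK")
        self.dbx.add(entry)

    def verify_image(self, image, signer_pub=None, sig=None):
        """UEFI order: a dbx match rejects regardless of db; only then is db consulted."""
        h = hashlib.sha256(image).digest()
        signer = None
        if signer_pub is not None and sig is not None and verify(signer_pub, image, sig):
            signer = ("x509", cert_id(signer_pub))   # a signer only counts if the signature verifies
        if ("sha256", h) in self.dbx or (signer and signer in self.dbx):
            return False
        return ("sha256", h) in self.db or bool(signer and signer in self.db)


def demo():
    """Constructed scenario: the OEM ships Microsoft's KEK and signing cert; a Linux vendor key is absent."""
    ms_kek, ms_signing, vendor = Key(), Key(), Key()
    fw = Firmware(kek_pubs=[ms_kek.public()])
    fw.db.add(("x509", cert_id(ms_signing.public())))       # factory-provisioned db entry
    windows, grub = b"bootmgfw.efi (constructed)", b"grubx64.efi (constructed)"
    out = {}
    out["windows_boots"] = fw.verify_image(windows, ms_signing.public(), ms_signing.sign(windows))
    out["unsigned_grub_boots"] = fw.verify_image(grub)
    out["vendor_signed_grub_boots"] = fw.verify_image(grub, vendor.public(), vendor.sign(grub))
    vendor_entry = ("x509", cert_id(vendor.public()))
    fw.update_db(vendor_entry, ms_kek.sign(entry_blob(vendor_entry)))   # KEK holder whitelists vendor
    out["grub_after_db_update"] = fw.verify_image(grub, vendor.public(), vendor.sign(grub))
    try:                                                                  # no KEK: update refused
        fw.update_db(("sha256", hashlib.sha256(b"evil.efi").digest()), vendor.sign(b"anything"))
        out["rogue_update_accepted"] = True
    except PermissionError:
        out["rogue_update_accepted"] = False
    fw.update_dbx(vendor_entry, ms_kek.sign(entry_blob(vendor_entry)))  # later revoked via dbx
    out["grub_after_revocation"] = fw.verify_image(grub, vendor.public(), vendor.sign(grub))
    out["forged_sig_boots"] = fw.verify_image(grub, ms_signing.public(), 12345)
    return out
```

Running demo() walks the post's scenario: the Microsoft-signed loader boots, unsigned or vendor-signed GRUB does not, a KEK-signed db update makes it boot, a db update without a KEK signature is refused, and a later dbx entry for the same certificate overrides the db entry. The forged-signature case shows that a key being present in db is irrelevant unless the signature over the image actually verifies.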

There is no centralised signing authority for these UEFI keys. If a vendor key is installed on a machine, the only way to get code signed with that key is to get the vendor to perform the signing. A machine may have several keys installed, but if you are unable to get the holder of any of them to sign your binary, then it won't boot.

This impacts both software and hardware vendors. An OS vendor cannot boot their software on a system unless it's signed with a key that's included in the system firmware. A hardware vendor cannot have their hardware initialised inside the EFI environment unless the option ROM drivers it carries are signed with a key that's included in the system firmware. If you install a new graphics card whose drivers are either unsigned or signed with a key that's not in your system firmware, you'll get no graphics output from the firmware itself.

Microsoft requires that machines conforming to the Windows 8 logo program and shipping a client version of Windows 8 have secure boot enabled. There are two ways to satisfy that: either Windows is signed with a Microsoft key and the public part of that key is included in all systems, or each OEM includes their own key and signs the pre-installed copy of Windows. The second approach would make it impossible to run boxed copies of Windows on Windows logo hardware, and also impossible to install new versions of Windows unless your OEM provided a new signed copy. The former seems more likely.

A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux.

Now, obviously, we could provide signed versions of Linux. This poses several problems. Firstly, we'd need a non-GPL bootloader. Grub 2 is released under the GPLv3, whose installation-information clause explicitly requires that we provide whatever is needed to install and run a modified build, which here means the signing key. Grub Legacy is under GPLv2, which lacks the explicit requirement for keys, but it could be argued that its requirement to provide the scripts used to control compilation and installation covers them. It's a grey area, and exploiting it would be a pretty good show of bad faith. Secondly, in the near future the kernel will be built as an EFI executable that the firmware loads directly, so the kernel itself becomes part of the bootloader and will also have to be signed. Making it impossible for users or developers to build and boot their own kernels is not practical. Finally, even if we self-sign, it's still necessary to get our keys included by every OEM.

There's no indication that Microsoft will prevent vendors from providing firmware support for disabling this feature and running unsigned code. However, experience indicates that many firmware vendors and OEMs are interested in providing only the minimum of firmware functionality required for their market. It's almost certainly the case that some systems will ship with the option of disabling this. Equally, it's almost certainly the case that some systems won't.

It's probably not worth panicking yet. But it is worth being concerned.
Page 2 of 2

I already hate windows 8 :-P

Date: 2011-09-22 01:57 am (UTC)
From: (Anonymous)
Windows 8 is going to be as bad as Vista, as the CEO from mSoft has said out loud! And it comes with this "no, you cannot use dual boot, only my new system" tool.

So, what are the rest of you waiting for to start using Linux 100% of the time!?

Re: I already hate windows 8 :-P

Date: 2011-10-28 08:16 pm (UTC)
From: (Anonymous)
"So, what are the rest of you waiting for to start using Linux 100% of the time!?"

For Linux to do what I want 100% of the time. Windows currently does this. Please give me a more compelling reason to switch OS other than the fact you hate Microsoft.

I call double FUD here.

Date: 2011-09-22 10:44 am (UTC)
From: (Anonymous)
Uh, WTF are you all talking about? No, you don’t need to be concerned about anything, because apparently no one here knows what they are talking about. Linux supports the TPM just about as much as Windows does. Yes, there is going to be new stuff in TPM 2.0, but everyone just sounds full of FUD about something they obviously are inexperienced with.

When you enable a TPM for the first time, it starts off entirely keyless. An operating system must initialize and seize ownership of the TPM and start generating a chain of trust. After this, the OS itself places keys inside the TPM. To date, these are private keys generated by your operating system, though perhaps the calculations are offloaded to the TPM. Absolutely nothing will prevent you from rearming the TPM, dumping the keys it knows, installing a new OS, and mounting new keys generated by that OS.

“Secure boot”, as it is in Windows Vista and 7, is the TPM chip examining specific pieces of data about the operating system's last known trusted hardware state, and a copy of the decryption key for the OS volume. The TPM can be configured in a wide variety of ways through the operating system to monitor for changes, and can also be configured to ignore any change you feel doesn’t matter. Has your computer's intrusion detection been triggered? Yes=Block Key Release / No Secure OS Boot. Has your computer's firmware configuration or version changed? Yes=Block Key Release / No Secure OS Boot. Was the OS kernel changed without informing the TPM first? Yes=Block Key Release / No Secure OS Boot. Etc.

No Secure OS Boot means that the encrypted, protected OS partition cannot be decrypted without a recovery key, because the rest of the hardware can no longer prove it is in a known valid trusted state. This means the TPM will refuse to divulge the keys required to decrypt the secure OS partition. Any other OS that does not require the TPM to unleash its decryption keys will still boot just fine. However, those unknown, unprotected operating systems will not be able to access the encrypted volume without the recovery key and password, which are both required to tell the Secure OS to accept hardware-level / MBR-level changes as valid.

The fact is, *you*, if you are the owner of the computer in question, *want* your operating system to check for these changes, because it will protect your data from offline attacks. If anything, the only piece of information I may have been able to decipher here is that perhaps the TPM 2.0 supports more than one secure OS environment being initialized at the same time, and that there are going to be a bunch of new PCR validation options that end-users can choose to enable to form a stronger requirement before the TPM trusts the hardware enough to release decryption keys.

So far as I’m concerned, the folks who don’t want an OS/TPM checking for these changes either don't know what they are on about, or are possibly the enemy an end user should be protecting themselves from.
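The commenter above describes PCR measurement and conditional key release. As an added example (my own, not the commenter's, and not a real TPM or BitLocker implementation), the following toy TPM in Python shows why a changed bootloader blocks key release after the disk key has been sealed, and how sealing to a narrower PCR selection ignores changes you have decided don't matter. The PCR indices, stage names and the internal "SRK" secret are constructed assumptions; real TPMs use a bank of fixed-size PCRs with the same extend rule, and the Windows PCR profile differs from the indices used here.

```python
"""Toy measured-boot and sealing model. Constructed for illustration; not a TPM."""
import hashlib
import hmac
import secrets


class ToyTPM:
    def __init__(self, n_pcrs=24):
        self._srk = secrets.token_bytes(32)          # chip-internal secret; never exported
        self.pcrs = [bytes(32)] * n_pcrs             # PCRs are all-zero after reset

    def reset(self):
        self.pcrs = [bytes(32)] * len(self.pcrs)     # only a platform reset clears PCRs

    def extend(self, idx, measurement):
        # PCR_new = H(PCR_old || H(data)); order matters and a value cannot be "un-extended"
        digest = hashlib.sha256(measurement).digest()
        self.pcrs[idx] = hashlib.sha256(self.pcrs[idx] + digest).digest()

    def _policy(self, selection):
        return hashlib.sha256(b"".join(self.pcrs[i] for i in selection)).digest()

    def _keystream(self, policy, n):
        # key material depends on BOTH the chip secret and the PCR policy digest
        out = b""
        for i in range((n + 31) // 32):
            out += hmac.new(self._srk, policy + i.to_bytes(4, "big"), hashlib.sha256).digest()
        return out[:n]

    def seal(self, secret, selection):
        """Bind `secret` to the current values of the selected PCRs."""
        policy = self._policy(selection)
        ct = bytes(a ^ b for a, b in zip(secret, self._keystream(policy, len(secret))))
        return {"selection": list(selection), "policy": policy, "ct": ct}

    def unseal(self, blob):
        """Release the secret only if the selected PCRs match; otherwise None (recovery key needed)."""
        policy = self._policy(blob["selection"])
        if not hmac.compare_digest(policy, blob["policy"]):
            return None
        return bytes(a ^ b for a, b in zip(blob["ct"], self._keystream(policy, len(blob["ct"]))))


# Constructed boot-chain components (stand-ins for real firmware, boot manager and kernel images)
FIRMWARE = b"UEFI firmware 1.0 (constructed)"
BOOTLOADER = b"bootmgfw.efi (constructed)"
KERNEL = b"oskernel (constructed)"


def boot(tpm, firmware=FIRMWARE, bootloader=BOOTLOADER, kernel=KERNEL):
    """Each stage measures the next into a PCR before handing over control (illustrative PCR map)."""
    tpm.reset()
    tpm.extend(0, firmware)      # PCR0: platform firmware
    tpm.extend(4, bootloader)    # PCR4: boot manager code
    tpm.extend(8, kernel)        # PCR8: OS kernel


def demo():
    tpm = ToyTPM()
    volume_key = secrets.token_bytes(32)             # the disk encryption key being protected
    out = {}
    boot(tpm)                                        # provisioning boot: known-good state
    blob = tpm.seal(volume_key, selection=[0, 4, 8])
    boot(tpm)
    out["clean_reboot"] = tpm.unseal(blob) == volume_key
    boot(tpm, bootloader=b"evil bootkit (constructed)")
    out["bootkit"] = tpm.unseal(blob)                # None: key release blocked
    boot(tpm, firmware=b"UEFI firmware 1.1 (constructed)")
    out["firmware_update"] = tpm.unseal(blob)        # None: a legitimate change also trips it
    boot(tpm)                                        # re-seal to PCR4+8 only: ignore firmware changes
    blob2 = tpm.seal(volume_key, selection=[4, 8])
    boot(tpm, firmware=b"UEFI firmware 1.1 (constructed)")
    out["firmware_update_relaxed"] = tpm.unseal(blob2) == volume_key
    boot(tpm, bootloader=b"evil bootkit (constructed)")
    out["bootkit_relaxed"] = tpm.unseal(blob2)       # None: bootloader is still measured
    return out
```

The "firmware_update" case is the false-positive problem the reply below raises: any change to a measured component, malicious or not, produces the same refusal, which is why a recovery key exists and why the PCR selection is a policy decision rather than a fixed rule.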

Re: I call double FUD here.

Date: 2011-09-22 11:04 am (UTC)
From: (Anonymous)
^Protects you *and* your data from offline attacks. After all, if you’re not home and someone changes your boot loader, the TPM will catch it. Along with online attacks that have successfully attacked your OS, as when the TPM fails, something major has happened, particularly if you did nothing that may have caused it.

The only real flaw with TPM right now is how non-obvious it can be to determine what exactly caused the TPM to fail. It’s not in your face once you boot with a recovery key, so it can be difficult to know if it was a false positive without a lot of hunting.

If you know you didn't cause your TPM to fail, it then becomes likely that either an attack against you has been successful, or you've had a hardware/software failure.

Re: I call double FUD here.

From: (Anonymous) - Date: 2011-09-22 11:07 am (UTC)


Date: 2011-09-22 11:29 am (UTC)
From: (Anonymous)
I can't wait for the anti-trust case against this. Popcorn is at the ready.

dual booting Jolicloud

Date: 2011-09-22 04:24 pm (UTC)
From: (Anonymous)
you are wrong, read what ms devs have to say...

Re: dual booting Jolicloud

From: (Anonymous) - Date: 2011-09-24 12:47 am (UTC)

What about removable media boot?

Date: 2011-09-22 04:39 pm (UTC)
From: (Anonymous)
Getting beyond the dual-boot scenario for just a moment, I wonder how this will affect an OS booted from some kind of removable media. As a PC technician, I have several CDs/DVDs that are used for recovery/repair purposes. Some boot Linux and some boot Windows. Looks like these will be unusable on Win 8 logo machines?

Date: 2011-09-22 07:55 pm (UTC)
From: (Anonymous)
One of the things which will stop this is the corporate world. They do imaging; normally what they do is toss the OEM Windows CDs or DVDs in the bin and push their own image onto the computers. If they are no longer able to do that, then this will not fly... In some ways one can argue that it's actually a brilliant idea; on the other hand, one could say that they seem more interested in alienating their customers than anything else.

Date: 2011-09-27 06:07 am (UTC)
From: (Anonymous)
Certainly when consumer PCs and notebooks, which will obviously have Windows 8 (home version) preinstalled, have this UEFI secure boot, I expect OEMs will not see a need to build a disable setting for this "feature", but business models may, as this is needed to install the corporation's volume image.

I then will either buy a business-line system or a system without Windows. If Windows does not start with this feature enabled I will definitely and permanently switch to FreeBSD, Linux, ReactOS and/or Haiku.

flash the bios

Date: 2011-09-23 04:08 am (UTC)
From: (Anonymous)
There's always the solution of flashing the BIOS with some JTAG of some sort... and installing something usable in there.

Re: flash the bios

Date: 2011-09-23 06:37 am (UTC)
From: (Anonymous)
The check is likely to be done in hardware


Date: 2011-09-23 09:39 pm (UTC)
From: [identity profile] tomiro.myopenid.com
Has anyone on the bandwagon realized the monumental amount of e-waste this could create?

Think of all the computers that shipped with Windows 2000, 98SE, or ME on them. If they all used secure boot how many of them would still be useful now that Microsoft no longer has a working solution for those machines? But because other OS solutions were not locked out, we have been able to create open source solutions like Replacement for Windows (R4W) specifically to fill that void and keep these still useful machines from becoming e-waste at a point in time when we don't have a very good track record of responsible disposal.

- CBS News: http://www.cbsnews.com/video/watch/?id=4586903n
- R4W : http://webpath.net/it/r4w/

What about VM?

Date: 2011-09-24 08:37 am (UTC)
From: (Anonymous)
Nowadays the world is moving to the cloud, and for a long time already there have been a lot of companies using some sort of virtualization in their environments, such as development/testing, etc.
So how would one be able to install Win8 for testing purposes on a virtual machine/cloud instance?


Date: 2011-09-24 01:20 pm (UTC)
From: (Anonymous)
Even Apple doesn't do that. And Apple manufactures both the hardware and software, so it's easier for Apple to do something like that, but they don't - yet.

Date: 2011-09-25 11:34 am (UTC)
From: (Anonymous)
It doesn't seem unreasonable to try to eliminate malware loaders.

Why didn't Linux get into the UEFI forum before now? Here's a statement of intent from 2005: http://www.uefi.org/news/UEFI_PR1.0.pdf - this isn't something which should be a surprise to OS developers.

Encryption and Export Law

Date: 2011-09-26 11:40 am (UTC)
From: (Anonymous)
I wonder. Since most PCs are now being manufactured in China and there are laws regarding encryption, if Microsoft forces this, PC vendors are going to have a lot of headaches just trying to import or export a PC to certain countries.
From: (Anonymous)
I'm a Linux user, and

I can hardly believe how much stupidity comes out of Microsoft -> (shit soft).

And I don't know why idiotic 'hardware' manufacturers agree to restrict their products to be used 'only' with the Windows logo crap.

I know this has to do with money..... but would manufacturers make more profit if their products were 'Free to Use'? Yes! They would certainly sell more hardware!

The only thing I support about Microsoft is the X-BOX 360.

'That's only because the X-BOX 360 uses AMD hardware in its console!'


Date: 2011-10-02 07:16 am (UTC)
From: (Anonymous)
If a customer doesn't accept the EULA, he gets a refund. Now, what will the customer do with a non-OS system, or a non-Linux-friendly system? What's the EULA for in a market that turned out to be 100% M$?

There are many people who build their own desktops and install Linux on them. It's too bad if the main components will need Windows to boot.

Will M$ be able to convince US courts and authorities that this is for economic (virus spread) and employment (safeguarding people's jobs due to Windows piracy) reasons?


Date: 2011-10-05 11:57 am (UTC)
From: (Anonymous)
Keep it switchable (if possible by law) on ALL machines so one decides for himself.

i fear problems with the new boot

Date: 2011-10-21 03:39 am (UTC)
From: (Anonymous)
I already keep the boot experience to a minimum, typically going one or two weeks between boots - generally I boot only when something went wrong (OK, when an OS patch requires a reboot). Most of the time, when I reboot, I have a computer that is either not fully functional and I am trying to fix it, or a computer on which I have just upgraded the hardware or the software and the system does not match what Windows thinks it is - so again it is not fully functional.

I don't want a pretty boot - I want a boot that works when the mouse/video card driver/network driver/whatever is not working right. This means a low-tech, basic boot that does not use any of the advanced/pretty capabilities that might not be working at all. I don't want seamless and pretty logo - I want the ugly DOS type messages that give me a chance to figure out what went wrong. This new boot system is very pretty and very nice to use on the rare occasions when I am booting a perfectly functional PC, say when I turned it off because I was away for several days. Otherwise, I am really afraid that it will fail just when I need it.

Microsoft BUILD conference

Date: 2011-10-24 07:14 am (UTC)
From: (Anonymous)
Microsoft BUILD conference Videos


Microsoft BUILD Conference Pictures and information


UEFI can be bypassed

Date: 2011-11-02 10:01 pm (UTC)
From: [identity profile] jcubic.myopenid.com
I don't know exactly how this thing will work, but you write that "An OS with a Pkek matching that installed in the firmware may add additional keys to the whitelist", so users will be able to add a new Pkek from the installed OS and create (run a program that will do this) a patch with a hardcoded Pkek for the bootloader (and maybe the kernel in future). This will be a patch for the binary, so it won't affect the source. But users will need to install the proprietary OS first. And also this doesn't prevent boot malware, because malware can do the same thing if it infects the OS that has the Pkek.

So to install GNU/Linux in worst scenario you will need:
1. Create an ISO which is signed (add a Pkek for the ISO) and burn it.
2. Boot from that CD
3. Install GNU/Linux
4. Boot Windows
5. Add the Pkek and create a binary patch for the bootloader with this Pkek
6. Patch the bootloader
7. Boot GNU/Linux from the patched bootloader
8. Delete Windows
9. Be Free

And also the bootloader can have a hardcoded standard Pkek (something like 00000000000, if allowed) and only run from Windows a simple program that will add this to the whitelist so Grub can run.

Re: UEFI can be bypassed

From: [identity profile] jcubic.myopenid.com - Date: 2011-11-12 02:46 pm (UTC)

Enterprise Users and Win 7

Date: 2012-01-15 04:15 pm (UTC)
From: (Anonymous)
Many enterprise Windows users are just rolling out Win 7 now. They expect to be using it for at least 5 years, and possibly until 2020. If they need to replace hardware, it is going to need the ability to disable secure boot.

They want a war, we got a war!

Date: 2012-06-01 11:49 pm (UTC)
From: (Anonymous)

Locked bootloader????


What the F***'in BULLS**T

Just like Apple and idevices and Motorola locking their bootloader

All of the hackers out there! keep them old computers

All the people who can probably fake sign the certificate, be prepared!

We are going to bypass this once and for all!

If this is going to happen, ...

F*** You Microsoft!!!!!!!!!!

Think you are all bad with your rich, snotty, bratty, greedy self!??

Haogh? Haogh? Haogh?

Well prepare for war!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Any One who wants to join me email me at:


We will call ourselves the TFG - The Tech Freedom Group

~ TCF38012


Update: They want a war, we got a war!

Date: 2012-06-02 12:06 am (UTC)
From: (Anonymous)

Golly Dang, how many requirements are you expecting?

But there is some awesome ones that make me want to buy it, like GPS

But anyways, Still mad about the secure booting process

One more requirement that can stop this war: a switch for the booting process!

Secure Booting on or off

Update - No War: They want a war, we got a war!

Date: 2012-06-02 12:21 am (UTC)
From: (Anonymous)
If a user wants to boot an image that does not pass signature verification, they must explicitly disable Secure Boot on the target system.

So There has to be a switch.

If it comes out with a switch, then microsoft, I am sorry about what i said.

@mjg59 Suggestion: Calm Your Guests down by updating this article.

UEFI may not be secure.

Date: 2012-06-16 06:12 pm (UTC)
From: (Anonymous)
According to security experts, UEFI will be a security nightmare. So you believe you will be more secure. WRONG. UEFI allows the boot loader to communicate with the BIOS, unlike the current BIOS..

This level of communication is what virus writers have been waiting for. The BIOS can now be exploited. Viruses could be loaded onto your video card or any hardware with firmware. Your CPU microcode could become corrupted, forcing you to shell out $100 to $3000 depending on what type of CPU you use.

If you want to trust your computer to Microsoft and the creators of UEFI go ahead.. However I advise you keep enough money around to replace your whole computer.


Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.
