EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

04.07.13

UEFI Restricted Boot No Longer Valid for Security, Keys Leaked

Posted in Antitrust, GNU/Linux, Microsoft, Security at 2:30 pm by Dr. Roy Schestowitz

As much about security as multimedia DRM

Drip

Summary: Antitrust offences with UEFI restricted boot can no longer be defended as an act of enhancing security because keys are leaking

A Fedora developer was the first to embrace Microsoft’s restricted boot, so Fedora was usually ahead of the curve when it comes to it and it shows.

Torvalds criticised Red Hat for complicity with Microsoft [1, 2] after he had slammed restricted boot as something that would not improve security. He was right. Keys were inevitably leaked, leaving UEFI restricted boot (which former Novell/SUSE developers too helped promote) in a position where it is only an antitrust issue and nothing to do with computer security, just protectionism. As one new article puts it, the “Linux Lawsuit Shines Uncomfortable Light on UEFI Standard” and a Restricted Boot proponent leads with this news about UEFI signing keys getting leaked:

A hardware vendor apparently had a copy of an AMI private key on a public FTP site. This is concerning, but it’s not immediately obvious how dangerous this is for a few reasons. The first is that this is apparently the firmware signing key, not any of the Secure Boot keys. That means it can’t be used to sign a UEFI executable or bootloader, so can’t be used to sidestep Secure Boot directly. The second is that it’s AMI’s key, not a board vendor – we don’t (yet) know if this key is used to sign any actual shipping firmware images, or whether it’s effectively a reference key. And, thirdly, the code apparently dates from early 2012 – even if it was an actual signing key, it may have been replaced before any firmware based on this code shipped.

But there’s still the worst case scenario that this key is used to sign most (or all) AMI-based vendor firmware. Can this be used to subvert Secure Boot? Plausibly. The attack would involve producing a new, signed firmware image with Secure Boot either disabled or with an additional key installed, and then to reflash that firmware. Firmware images are very board-specific, so unless you’re engaging in a very targeted attack you either need a large repository of firmware for every board you want to attack, or you need to perform in-place modification.

Now we know that UEFI restrictions had nothing to do with security and eventually became just a competition barrier. Rather than cracking we are seeing leaking as the end of UEFI restricted boot’s (or ‘secure’ boot’s) reputation.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Privacy, Spying on Congress, Drones, Ukraine Intervention, and More

    Links for the day

  2. A Parade of (GNU/)Linux-powered Mobile Operating Systems

    Links for the day

  3. Links 6/3/2014: Games

    Links for the day

  4. Links 6/3/2014: Applications

    Links for the day

  5. Links 6/3/2014: Instructionals

    Links for the day

  6. GoDaddy, Go Away: How This SOPA Backer is Censoring the Internet Despite SOPA's Death

    Political censorship now in the West, but overlooked by statistics that omit domain-level cutoffs

  7. Bitcoin Increasingly Adopted, Increasingly Smeared

    A look at one of the latest smears against Bitcoin, courtesy of Britain's Internet Watch Foundation (IWF)

  8. You Know That Microsoft is Finished When Even Rupert Murdoch Dumps Microsoft

    Rupert Murdoch's special relationship with Microsoft and Bill Gates seems to be coming to an end

  9. Patent Stacking by Microsoft, Apple, Nokia et al. Makes Android/Linux More Expensive, Less Competitive

    The return of discussions about patent stacking and the role played by the anti-Android camp

  10. Panic Over Transport Layer Security (TLS) Flaw Which is Already Patched

    What the media is not really telling us about the GnuTLS vulnerability

  11. An Android World: Limitless Expansion in Tablets, Smaller Devices, and New Hardware

    Links for the day

  12. This Week's News: Civil Rights, Politics and War

    Links for the day

  13. Ubuntu Rising: Desktops, Servers, Phones, and Beyond

    Links for the day

  14. News About Lesser Known Desktop Environments

    Links for the day

  15. GNU/Linux Everywhere: New Stories, More Evidence

    Links for the day

  16. Linux News: 3.14 RC5, LTSI v3.10, kGraft...

    Links for the day

  17. GNOME News: GNOME 3.12, Wayland, Numix, GTK+...

    Links for the day

  18. KDE News: New Releases, Qt 5.3 Preview, Indian Event, End of Nepomuk, Steam Inclusion, and Success Down Under

    Links for the day

  19. Skype Chief Executive Quits Microsoft Amid NSA Scandals

    A day or so after Yahoo was revealed to have been used to illegally spy on users' webcams the former Skype chief executive resigns (effective immediately)

  20. Microsoft's Strategy is to Hurt the Competitors, Not Create Products

    An appointment of Penn to the role of "chief strategy officer" says a lot about Microsoft's strategy

  21. Bill Gates' Pet Patent Troll (Intellectual Ventures) is Seemingly Collapsing But Trying to Disrupt the Government With a PAC

    An update on Nokia, Intellectual Ventures, and other proxies of the Microsoft camp that pass patents for trolls who attack Android/Linux, FOSS at large, and the industry as a whole (everyone but Microsoft)

  22. News Roundup: Rights and Politics

    Today's headlines, including Ukraine analysis, the return of drone strikes, and views from Venezuela

  23. Links 3/3/2014: Games

    Links for the day

  24. Links 3/3/2014: Applications

    Links for the day

  25. Links 3/3/2014: Instructionals

    Links for the day

  26. Snowden Leaks Confirm That Microsoft Xbox is Target for In-House Camera Surveillance, Not Just Chat Surveillance

    Revelations based on hard documents, clearly stating policy and intent, remind everyone that no product of Microsoft is safe from criminal scooping

  27. If Ford Wants Open Source Community, It Should Embrace Neither Microsoft Nor Blackberry

    Ford should avoid Blackberry's QNX OS and instead go for a Linux-based OS

  28. Embedded Linux News Roundup

    News about Linux devices and embedded Linux, categorised for easier digestion

  29. The Continued Occupation of US 'Trade' by Microsoft- and Monopolies-backed Entities Like BSA

    Corruption in the process which synthesises draconian laws whose only purpose is to protect monopolies, including the copyright monopoly

  30. Open Source Initiative, Free Software Foundation, SFLC, Red Hat and Others Fight Against Software Patents at SCOTUS Level

    The debate about software patents in the United States is back because many Free software advocacy groups and companies (not Open Invention Network though) are getting involved in a Supreme Court (SCOTUS) case

CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts