Bonum Certa Men Certa

[Video] UEFI Insecure Boot: Another Nail in the Coffin

posted by Roy Schestowitz on Jul 29, 2024

Video download link | md5sum dd9c634b1416f67902406317d73b9009
Insecure Boot Strikes Again
Creative Commons Attribution-No Derivative Works 4.0

Preview for Insecure Boot Strikes Again

THE small bunch (borderline fringe) of 'Secure Boot' Microsofters are not talking about the latest blunder. They just have nothing to say in their defence. They've been proven wrong. So let's discuss the matter. We don't just let it pass.

12 years ago they told us adoption of 'bootlocks' is fine and that this is perfectly OK. To oppose this would be to oppose security. Well, patience is a virtue here because over the past 12 years we've repeatedly been proven right and we can howl from rooftops now. The lesson is, do not believe anything Microsofters say. As an associate put it recently, there will "be a few long-form series later on in the indefinite future on the details."

The time seems right to respond to over a decade of mindless propaganda from Microsofters. They're hired professional censors in an effort to suppress information and intimidate women.

Some have dubbed this latest scandal "InSecure Boot" and security gurus are deeply concerned ("This isn’t good"). IDG said:

Security research firm Binarly reports that leaked cryptographic keys have compromised hardware from several major vendors in the PC industry, including Dell, Acer, Gigabyte, Supermicro, and even Intel. Eight percent of firmware images released in the last four years are compromised, with 22 untrusted keys discovered immediately.

This is also discussed in some GNU/Linux forums. One commenter said: "It's security done by Microsoft... that's all that needs to be said, eh?" Another one said: "Yeah, enough said. I'm grateful that I was able to switch off secure boot on my new T14 Thinkpad to install Linux. I'm glad that Windows isn't on my home LAN."

This additional report says "Secure Boot key compromised in 2022 is still in use in over 200 models — an additional 300 more use keys are marked ‘DO NOT TRUST’". To quote from the summary:

>Software security firm Binarly discovered that over 200 device models used a compromised security key, while an additional 300 more used default test keys shared with nearly all of AMI's customers.

Finally, for the time being, this one mentions another "brand name" for this issue:

A vulnerability dubbed PKfail can allow attackers to run malicious code during the boot process, which can be used to deliver UEFI bootkits.

No matter what one calls it - e.g. "PKfail" or "InSecure Boot" - this is a black eye to Microsofters.

Iris Flower Art Vintage

We already added some of these stories to Daily Links or had them linked to the originals in the sister site, but on Saturday we did a video about it. The first piece that everyone linked to (also in IRC) was Ars Technica's and it sort of speaks for itself. An associate called for "a Tomi Ahonen style "I told you so" article," arguing that "even short series is warranted because the public had been warned in detail in advance of just these kinds of problems."

We've repeatedly written about this since 2012.

"There are other problems too which have manifested," the associate said, "this is not the first."

There are also more serious warnings (warranting further precautions) which have not yet come to pass, so the other shoe has yet to drop - so to speak - on UEFI.

The politics which the UEFI patches and shim allowed Microsoft can be re-examined in this context.

Microsoft is meanwhile pushing the media to pretend no option exists other than Windows (and Office) for new laptops and desktops. What is this, 2004? Citing this as an example, the associate said "Microsoft pursues trapping people into a the sunk cost fallacy to prevent upgrading the OS to Linux or, worse from their perspective, using open formats for documents."

The way Microsoft sees things, anything other than Windows is not trustworthy or is "piracy". People who object to Windows are being bullied and vilified, even if the facts are on their side all the time.

Other Recent Techrights' Posts

Microsoft's Windows is a Niche Operating System in Africa
African nations aren't a large contributor to Microsoft's income, but if many African nations move away from Windows, then the monopoly is at risk
Gemini Links 19/06/2025: Unix Primitivism, Zine Club, and Gemini Protocol Turns 6 at Midnight
Links for the day
 
Common Mistake: Believing Social Control Media Will Document Your Writings/Thoughts and Search Engines Like Google Will Help You Find These
Many news sites wrongly assumed that posting directly to Twitter would be acceptable
The Manchester Bees and This Hot Summer
We have had a fantastic week so far this week
Gemini Protocol Enters Its Seventh Year, Growth Has Accelerated!
Maybe in June 20 2026 there will be over 3,500 active capsules?
Mastodon and the Fediverse Have an Issue: Liability for Content (Even in Other Instances) and Costs
self-hosting is the only logical path forward
Why Microsoft and Its 'Hey Hi' (Slop) Frenzy Fail While Sinking in Deep, Growing Debt
Right now, like Twitter around the time it was sold to MElon, "open" "hey hi" is a big pile of debt with a lot to pay for that debt (interest payments)
Europe is Leaving Microsoft, the Press Coverage Isn't Sufficiently Helpful
The news is generally positive, but the press coverage leaves so much to be desired
Slopwatch: Linuxsecurity, BetaNews, and Linux Journal
slippery slope
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 19, 2025
IRC logs for Thursday, June 19, 2025
Gemini Links 20/06/2025: Gemini Protocol Turns 6!
Links for the day
Links 19/06/2025: Ghostwriting Scam and Fentanylware (TikTok) Buying Time
Links for the day
Links 19/06/2025: WhatsApp Identified as Assassination 'Crosshairs', Patreon Now Rips Off People Even More
Links for the day
"Told You So": Another Very Large Wave of Microsoft Layoffs Now Confirmed in Mainstream Media
So we were right to believe the rumours, based on the credibility of prior such rumours
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, June 18, 2025
IRC logs for Wednesday, June 18, 2025
Gemini Links 18/06/2025: Magit and Farming
Links for the day
Slopwatch: BetaNews is Now a Slopfarm (Like Linuxsecurity) and Google News is Overwhelmed by Slopfarms
The Web is bad
Links 18/06/2025: SCOTUS Decision on Fentanylware (TikTok) Still Ignored, 4.5-Day Work Weeks
Links for the day
Links 17/06/2025: Windows TCO and G7 Rifts
Links for the day
The Right to Know and the Freedom to Report on Crime (at the Higher Echelons)
I'd like to do the same thing for the next 20 years
BetaNews Appears to Have Fired All Of Its Staff
Even serial sloppers
After the Web Becomes Slopped to Death
A lot of people are rightly fed up with the "modern" Web
Gemini Protocol Turns 6 on Friday
Active (online) Gemini capsules are estimated by Lupa at over 3,000
Like Most Social Control Media, Microsoft LinkedIn is Collapsing
One reason for Microsoft acquisitions is debt-loading, i.e. offloading and burying its debt
Microsoft is Losing Its Richest Clients
Unlike some very poor countries, Germany and the EU are a considerable source of income to Microsoft
Proprietary Means Not Secure
Proprietary software tends to rely on secrecy, not good design
Slop in 'AI' Clothing is a Passing Fad, We'll Get Past It (Like Blockchain Before That)
Many people cheat in exams using slop and there are professionals that try using slop as a "shortcut"
GNOME Does Not Campaign Against Microsoft, KDE Does
It's good to see that KDE is still active in promotion of Free software - a term that it uses
Slopwatch: BetaNews, Linuxsecurity, and Other Prolific Slopfarms
name and shame the sites that establish such proliferation of slop
Gemini Links 18/06/2025: Birch Lake and Loon Pond
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 17, 2025
IRC logs for Tuesday, June 17, 2025