UEFI Restricted Boot No Longer Valid for Security, Keys Leaked

Dr. Roy Schestowitz

2013-04-07 19:30:26 UTC
Modified: 2013-04-07 20:01:45 UTC

As much about security as multimedia DRM

Drip

Summary: Antitrust offences with UEFI restricted boot can no longer be defended as an act of enhancing security because keys are leaking

A Fedora developer was the first to embrace Microsoft's restricted boot, so Fedora was usually ahead of the curve when it comes to it and it shows.

Torvalds criticised Red Hat for complicity with Microsoft [1, 2] after he had slammed restricted boot as something that would not improve security. He was right. Keys were inevitably leaked, leaving UEFI restricted boot (which former Novell/SUSE developers too helped promote) in a position where it is only an antitrust issue and nothing to do with computer security, just protectionism. As one new article puts it, the "Linux Lawsuit Shines Uncomfortable Light on UEFI Standard" and a Restricted Boot proponent leads with this news about UEFI signing keys getting leaked:

A hardware vendor apparently had a copy of an AMI private key on a public FTP site. This is concerning, but it's not immediately obvious how dangerous this is for a few reasons. The first is that this is apparently the firmware signing key, not any of the Secure Boot keys. That means it can't be used to sign a UEFI executable or bootloader, so can't be used to sidestep Secure Boot directly. The second is that it's AMI's key, not a board vendor - we don't (yet) know if this key is used to sign any actual shipping firmware images, or whether it's effectively a reference key. And, thirdly, the code apparently dates from early 2012 - even if it was an actual signing key, it may have been replaced before any firmware based on this code shipped.

But there's still the worst case scenario that this key is used to sign most (or all) AMI-based vendor firmware. Can this be used to subvert Secure Boot? Plausibly. The attack would involve producing a new, signed firmware image with Secure Boot either disabled or with an additional key installed, and then to reflash that firmware. Firmware images are very board-specific, so unless you're engaging in a very targeted attack you either need a large repository of firmware for every board you want to attack, or you need to perform in-place modification.

Now we know that UEFI restrictions had nothing to do with security and eventually became just a competition barrier. Rather than cracking we are seeing leaking as the end of UEFI restricted boot's (or 'secure' boot's) reputation. ⬆

Something to Celebrate in Gemini Protocol: More capsules and users join in
Banned evidence: Ars Technica forums censored email predicting DebConf23 death, Abraham Raji & Debian cover-up: Reprinted with permission from Daniel Pocock
Intimidation, Threats, and Bullying Not Tolerated by Techrights: When it comes to our reporting, safety always comes first
A World Without Rules: We're long insisted on better laws and actual enforcement of them (applicable to all, not selectively applied)
IBM's BS (Bait, Switch) Regarding Ways to Stay Onboard: PIPs, RTOs, and forced relocations are just an illusion of choice (or ability to recover)
statCounter Sees Microsoft Windows Falling to New, Unprecedented Lows in Palau: Taking Android into account, Windows is now down to an all-time low of 14%
Google News Lost the Fight to LLM Slop (While Google Itself Sells Slop, Nowadays Under the Name "Gemini"): Many people say that "Google is getting worse"; that's almost an understatement
Links 28/03/2025: AirAsia Trouble Again, UMich Culls All DEI Programs: Links for the day
Gemini Links 28/03/2025: Alexa is for Gullible People, Rant About Feature Overload: Links for the day
The SLAPPs From the Microsoft Strangler (and Sidekick) No Better Than Patent Trolling: one must never settle with trolls
Links 28/03/2025: Last Reminder "to Delete Your 23andMe Data", "UK's First Permanent Facial Recognition Cameras Installed": Links for the day
Microsoft Canonical Continues Its FUD (Fear, Uncertainty, Doubt) Campaign, Reveals Google Too Sponsored It: They're paid-for lies from a Chinese company that takes GAFAM money to write puff pieces about them
Android Rises Above 76% in Mozambique, Leaving Windows in the Dust: Windows may soon be measured as smaller than Apple's iOS
IBM, Red Hat and Microsoft Probably Also Manipulate Metrics (It Helps Con the Shareholders): Wall Street's credibility will depend on enforcement of "checks and balances"
Slopwatch: trendhunter.com and Other Pure Junk From "Google News": The need to vet sources is hardly new; anyone can spew out anything, anywhere. There's a need for vetting.
Gemini Links 28/03/2025: Rewatching The X-Files, Slop Concerns, and NOSTR Censorship: Links for the day
Links 28/03/2025: Australia at Risk, EPO Grants Illegal Patents With Illegal Effect: Links for the day
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, March 27, 2025: IRC logs for Thursday, March 27, 2025
Links 27/03/2025: Obituary to a Shop, Russia Trying to Buy Time: Links for the day
Links 27/03/2025: Slop, Autosuggestions, and Nostr: Links for the day
Apparently Confirmed: IBM Layoffs in Canada Today, Hundreds Affected: Impacting "177 people", says one person, "in Ottawa"
When Windows Was Dominant (1990s) Browser Monopoly Meant MSIE, But Now Google Android is Dominant and the Web in a 'Webapps' Era Works With (or Is Designed for) Chrome-isms: We've been there before
Slopwatch: BetaNews, LinuxSecurity.com, and the Attack on Web Search Using Fake and Likely Plagiarised Pages: Changing a few words here and there won't change the fact that it's not properly authored
Links 27/03/2025: U.S. Honeybee Deaths Reach Record High, Legal Occupation Next in Line After War on Science: Links for the day
Using Courts for 'Revenge' is Always a Losing Strategy: Trying to cause someone you dislike to spend a lot of money
IBM CFO James Kavanaugh Refers to Firing of Almost 10,000 Americans as "Workforce Rebalancing" (Shifting IBM's Centre of Balance to Low-salary Contracts/Countries): The scale of IBM layoffs is getting too large to evade WARN Notices
[Video] Dr. Richard Stallman's Keynote Speech in Kerala Finally Uploaded: In non-free format and proprietary YouTube, but perhaps that's better than nothing
Islands Are Leaving Microsoft Behind, According to statCounter: Android has had a very strong year
EPO Management Fails to Deny That the Office is Discriminating Against Women: Europe's second-largest institution isn't just exceedingly corrupt but also immoral
In Some Countries the Market Share of Vista 11 is Going Down, Not Up: despite being released in 2021
Rumour: Mass Layoffs in IBM Canada Today: Maybe later today some people from Canada will say something firmer and maybe some media will even talk about that
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 26, 2025: IRC logs for Wednesday, March 26, 2025
Gemini Links 27/03/2025: X-Files' "Kill Switch", Orlando, and ASN (Autonomous System Number) 'Hack': Links for the day
Links 26/03/2025: Healthcare Cuts and Turkey's Own "2025 Project" (Culling Opposition): Links for the day
LLM Slopfarm: A Site's Last Incarnation Before Throwing in the Towel, Going Offline Permanently: A lot of coverage that claims to be about Finland is chatbot-generated nonsense or poorly-plagiarised work
Microsoft Canonical Pays IDG to Spread FUD (Fear, Uncertainty, Doubt): this seems a tad exploitative and reminds us of the time Novell kept telling companies that using anything other than SUSE was dangerous
Gemini Links 26/03/2025: GTD, Zenshuu, and Geminispace Community: Links for the day
Links 26/03/2025: Media's Failures, Arrests of Journalists, Limitations of End-to-End Encryption: Links for the day
LLM Slop (Lots of It Spewed Out by Microsoft) Versus Linux: Microsoft is a very, very evil company. It doesn't mind destroying the Web if there's a chance it'll make a buck in the process or mess up people's brains (in Microsoft's favour).
Slopfarms (Sites That Only Ever Publish LLM Slop) Are Killing Google News: pair of slopfarms still propped up by Google News
Microsoft's Serial Strangler's Law Firm Has a Long History of Fronting for People Who Do Bad and/or Illegal Things: Whose terrible idea was this?
Novell and Microsoft Apologist/Booster Bruce Byfield Writing About the FSF is a Recipe for Problems: Totally not shoehorning some agenda
Looking Forward to the Fall of UPC and Revocation of the Unified Patent Court (UPC) Agreement, Which Was Always Illegal and Unconstitutional: We'll try to keep abreast of any progress in this case
Slopwatch: Google News, LinuxSecurity.com, and the General Demise of the Web: many supposed or so-called "news" pages are just spewed out by some chatbots (or tools which help plagiarise original articles without getting caught; detection gets harder)
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, March 25, 2025: IRC logs for Tuesday, March 25, 2025

UEFI Restricted Boot No Longer Valid for Security, Keys Leaked

Recent Techrights' Posts