Bonum Certa Men Certa
IRC Proceedings: March 31st, 2013-April 6th, 2013 | Red Hat et al. (Including Android's Guardian) Complain About Companies That Attack FOSS With Patents, Apple Sites Quote 'FOSS Patents' Spin on Yet Another Loss Against Android

UEFI Restricted Boot No Longer Valid for Security, Keys Leaked

As much about security as multimedia DRM

Drip



Summary: Antitrust offences with UEFI restricted boot can no longer be defended as an act of enhancing security because keys are leaking

A Fedora developer was the first to embrace Microsoft's restricted boot, so Fedora was usually ahead of the curve when it comes to it and it shows.



Torvalds criticised Red Hat for complicity with Microsoft [1, 2] after he had slammed restricted boot as something that would not improve security. He was right. Keys were inevitably leaked, leaving UEFI restricted boot (which former Novell/SUSE developers too helped promote) in a position where it is only an antitrust issue and nothing to do with computer security, just protectionism. As one new article puts it, the "Linux Lawsuit Shines Uncomfortable Light on UEFI Standard" and a Restricted Boot proponent leads with this news about UEFI signing keys getting leaked:

A hardware vendor apparently had a copy of an AMI private key on a public FTP site. This is concerning, but it's not immediately obvious how dangerous this is for a few reasons. The first is that this is apparently the firmware signing key, not any of the Secure Boot keys. That means it can't be used to sign a UEFI executable or bootloader, so can't be used to sidestep Secure Boot directly. The second is that it's AMI's key, not a board vendor - we don't (yet) know if this key is used to sign any actual shipping firmware images, or whether it's effectively a reference key. And, thirdly, the code apparently dates from early 2012 - even if it was an actual signing key, it may have been replaced before any firmware based on this code shipped.

But there's still the worst case scenario that this key is used to sign most (or all) AMI-based vendor firmware. Can this be used to subvert Secure Boot? Plausibly. The attack would involve producing a new, signed firmware image with Secure Boot either disabled or with an additional key installed, and then to reflash that firmware. Firmware images are very board-specific, so unless you're engaging in a very targeted attack you either need a large repository of firmware for every board you want to attack, or you need to perform in-place modification.


Now we know that UEFI restrictions had nothing to do with security and eventually became just a competition barrier. Rather than cracking we are seeing leaking as the end of UEFI restricted boot's (or 'secure' boot's) reputation.

IRC Proceedings: March 31st, 2013-April 6th, 2013 | Red Hat et al. (Including Android's Guardian) Complain About Companies That Attack FOSS With Patents, Apple Sites Quote 'FOSS Patents' Spin on Yet Another Loss Against Android

Recent Techrights' Posts

Too Hard for IBM to Keep Everybody Silent About How the Company Has Gone South
IBM is busy trying to keep disgruntled or ex workers silent using NDAs
 
Gemini Links 05/04/2026: Playing with Hyprland and Migrating Antenna Filters
Links for the day
Links 05/04/2026: "Confidential Computing" as Proprietary Bundle of False Promises and "The Web Is an Antitrust Wedge"
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, April 04, 2026
IRC logs for Saturday, April 04, 2026
SLAPP Censorship - Part 34 Out of 200: The Necessity of Transparency, Illuminating Garrett's and Graveley's 'Tag-Team' Act, Misusing the British Docket (From Far Away in America) in Efforts to Hide Bad Behaviour
Transparency is paramount
Red Tape at Red Hat (IBM)
Now the guiding principles are the whims and moods of people who peddle buzzwords to manipulate IBM's share prices
The So-called 'AI' (Slop) Companies Will Have the Plug Pulled
It can vastly accelerate this bubble's implosion
Dr. Andy Farnell on a "Technology Plan B"
based around Free software
Windows Lows Across the Mediterranean
Judging by this month's data from statCounter
The Future of the Net is 'in Space'
Gemini Protocol is growing and GemText remains the same, so it's made to endure
Linux Foundation Profits From Scams, Fraud, and Grifting
Don't be misled by the name "Linux Foundation"
Microsoft Transmits Malware and Back Doors to GNU/Linux Servers, Media Points the Finger at Everyone But Microsoft's Servers
Is Microsoft too poor to vet and check what it hosts and transmits?
Gemini Links 04/04/2026: "Fuzz Guy", "Reusing Old Computers with Arch Linux and DWM", and Bubble v10.0 Released
Links for the day
Links 04/04/2026: eBay Scam, "Music Publishers’ X Copyright Lawsuit Officially on Pause"
Links for the day
Links 04/04/2026: Social Control Media Verdict and Bans, Whistleblower (Axel Rietschin) Explains How "Microsoft Vaporized a Trillion Dollars"
Links for the day
Reaching the End/Event Horizon of LLM Slop
Are we moving towards a post-LLMs world?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, April 03, 2026
IRC logs for Friday, April 03, 2026
Gemini Links 04/04/2026: STXGE and Computer Relationships
Links for the day
SLAPP Censorship - Part 33 Out of 200: Garrett Sued by My Wife and I, Then His Microsoft Acquaintance Files Another Lawsuit and Our Webhost Receives Legal Threats Too
Today we also show how our solicitor Mark Lewis responded to it
Good Friday, Leaving IBM for Good
Even on holidays
Links 03/04/2026: Rejection of More Software Patents and Social Control Media in Several Continents
Links for the day
Malware in Proprietary Software - Latest Additions by Rob Musial
Original published yesterday in gnu.org
Visual Evidence/Documentation of IBM Dying Like the Dinosaurs
IBM has many of these giant white elephants lying around, with some getting demolished
Links 03/04/2026: USPTO’s Latest Greenwashing and Internet Blackouts Impact Journalists in War Zones
Links for the day
SLAPP Censorship - Part 32 Out of 200: Garrett Made Spurious Requests (Later Withdrawn) the Same Week Someone He Later Spoke to by E-mail Sent Threats to Our Webhost
The "plot thickens" because there's a multi-party tag-team act, as confirmed by Garrett after he had sworn on the Bible
IBM is a Dying Company, Nowadays It Kills Red Hat With Slop
when your last day is a national holiday in IBM's country
"Independence Drives" and Community-Run Sites
Independence in reporting is a much-valued trait
When Charlatans Are Only Good at Losing Money and Storytelling (e.g. About Investment in Them)
Wait till a a barrel of oil costs $300
What Apple Fans Are Missing
Apple is a bad company
The "Pale Blue Dot" Moment Had Returned
To many people, the "bitter-sweet" observation of how small we are
Saudi Arabia Does Not Rely Much on Microsoft/Windows
Putting aside politics, this is good for Free software
Almost 12 Years of Exposing Corruption in Europe's Second-Largest Institution
The "unready" President is now an abandoned President
Easter Moon Mission and Its Reminder of IBM's Demise
A lot of NASA operations now rely on GNU/Linux
When Power is Scarce and GNU/Linux Has Power
In Cuba, GNU/Linux has long enjoyed high adoption rates
Don't Totally Dismiss the 'Survivalists'
'Survivalists' or similar terms are used to describe a particular mindset of people who prepare for some really awful scenarios
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, April 02, 2026
IRC logs for Thursday, April 02, 2026
A Much Better Use of Fuel Than Slop
Something positive for a change
Hoping for Peace
There are still many things to be enjoyed, including nature and kind people
Gemini Links 03/04/2026: "Slide Rule Triple Multiplication" and End of "Picture Pages"
Links for the day
Rumours of Microsoft Layoffs This Season
Just how much trouble is Microsoft in at this point?
GNU/Linux Measured at All-Time High in Sweden
Can 'influencers' have played a role