UEFI Restricted Boot No Longer Valid for Security, Keys Leaked

Dr. Roy Schestowitz

2013-04-07 19:30:26 UTC
Modified: 2013-04-07 20:01:45 UTC

As much about security as multimedia DRM

Drip

Summary: Antitrust offences with UEFI restricted boot can no longer be defended as an act of enhancing security because keys are leaking

A Fedora developer was the first to embrace Microsoft's restricted boot, so Fedora was usually ahead of the curve when it comes to it and it shows.

Torvalds criticised Red Hat for complicity with Microsoft [1, 2] after he had slammed restricted boot as something that would not improve security. He was right. Keys were inevitably leaked, leaving UEFI restricted boot (which former Novell/SUSE developers too helped promote) in a position where it is only an antitrust issue and nothing to do with computer security, just protectionism. As one new article puts it, the "Linux Lawsuit Shines Uncomfortable Light on UEFI Standard" and a Restricted Boot proponent leads with this news about UEFI signing keys getting leaked:

A hardware vendor apparently had a copy of an AMI private key on a public FTP site. This is concerning, but it's not immediately obvious how dangerous this is for a few reasons. The first is that this is apparently the firmware signing key, not any of the Secure Boot keys. That means it can't be used to sign a UEFI executable or bootloader, so can't be used to sidestep Secure Boot directly. The second is that it's AMI's key, not a board vendor - we don't (yet) know if this key is used to sign any actual shipping firmware images, or whether it's effectively a reference key. And, thirdly, the code apparently dates from early 2012 - even if it was an actual signing key, it may have been replaced before any firmware based on this code shipped.

But there's still the worst case scenario that this key is used to sign most (or all) AMI-based vendor firmware. Can this be used to subvert Secure Boot? Plausibly. The attack would involve producing a new, signed firmware image with Secure Boot either disabled or with an additional key installed, and then to reflash that firmware. Firmware images are very board-specific, so unless you're engaging in a very targeted attack you either need a large repository of firmware for every board you want to attack, or you need to perform in-place modification.

Now we know that UEFI restrictions had nothing to do with security and eventually became just a competition barrier. Rather than cracking we are seeing leaking as the end of UEFI restricted boot's (or 'secure' boot's) reputation. ⬆

Ubuntu Started as Free With ShipIt, Now It Becomes Payware That Exploits Debian Volunteers (Slaves): "Ubuntu" the distro now replaces the GNU components inherited from Debian with a bunch of Microsoft GitHub (proprietary) things that reject reciprocal licences
Last Night The Register MS Published a Fake Article. It Mentioned "AI" 27 Times.: Paid-for nonsense! [...] What's left of once-respectable news sites actively harms society
Links 27/03/2026: Google Executive (GAFAM, US, Surveillance) "Named the New BBC Head", Prominent Climate Scientist Resigns From NASA: Links for the day
Gemini Links 27/03/2026: "Being Busy" and "Posting Again": Links for the day
GNOME Has No "Real" Executive Director, Only an IBM (Perma)'Interim' One With No Openings in Sight: GNOME is having financial problems
Microsoft Experiencing "Leadership Exodus": Microsoft's current position is no better than Meta's (Facebook)
GNU/Linux Distros Should Reject "Age Verification" and Uphold Software Freedom for Users: It's not about protecting children
Slop Plunge: we can already "smell the blood" of the so-called 'AI industry'
IBM Media Puff Pieces While Layoffs Go On and On: Has the PR industry absorbed the press?
Media Says Microsoft Hiring Freezes, But There Are Already Microsoft Layoffs: They want the public to talk about Microsoft as if it's just not hiring when it is actually firing
Richard Stallman lynchings: Sruthi Chandran splitting Debian: Reprinted with permission from Daniel Pocock
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Thursday, March 26, 2026: IRC logs for Thursday, March 26, 2026
Links 26/03/2026: Tor Relay at National Taiwan Normal University, Copyright Hammers Fall: Links for the day
Gemini Links 26/03/2026: "The War of the Worlds" and "sometimes science is just the dumbest thing": Links for the day
The World Wide Bots: The shape of the Web is so bad that bots exceed humans in some places
Links 26/03/2026: Solicitors Regulation Authority (SRA) Closes 101 Law Firms in 2 Years, "Please Compensate the Work You Appreciate": Links for the day
Regaining Software Freedom Means Regaining Control Over Programs That Run on Our Devices: Richard Stallman will speak in Italy
Microsoft Secure Boot Removes Users' Choice: Has Greenland banned Microsoft and 'secure' boot yet?
IBM Pushes Workers Out, It Does Not Count Them as "Layoffs": The number of IBM layoffs can be as large as tens of thousands per year
Hard to Find a Job After Working for Microsoft (Back Doors Giant, Bribery Hub): It generally looks like people who chose to serve Microsoft's agenda don't end up too well
Microsoft Lost 31% Of Its Alleged "Value" in Five Months, Then It Got Downgraded: In 2026 Microsoft focuses on keeping the layoffs silent
Altering Perceived Reality to Make It Seem Like Microsoft is Thriving, Not Failing: pretend XBox did not die
SLAPP Censorship - Part 24 Out of 200: The Failed Effort by Brett Wilson LLP to Strike Out My Lawsuit and My Wife's Lawsuit Against Garrett (the Master Allowed Our Lawsuits to Proceed): This is lawfare
Official New Figures Show That Solicitors Regulation Authority (SRA) Sees Rise in Dishonesty Among Law Firms Forcibly Shut Down ('Euthanised' Due to Misconduct): It's rather if in our little country as many as 16 law firms were found to be so dishonest that they needed to be shut down
Back to Normalcy: In our datacentre at least
IBM is "Increasing Its Temporary and Part-time Headcount" While Net Headcount Falls (Despite Buying Many Companies and Their Workforce): Headcount is a rather superficial yardstick.
Confluent Insiders: IBM Laid Off Over 800 at Confluent, Not Just 800: For the record, the layoffs at Confluent won't be over. After the bluewashing there will be "IBM RAs" impacting Confluent folks, aside from PIPs
EPO Union Decides to Continue Industrial Actions, Next Strike in Four Days: The latest strike had the highest participation rate
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, March 25, 2026: IRC logs for Wednesday, March 25, 2026
Microsoft's "Silent Layoffs" in Slop Clothing: "AI-powered transformation" is just a euphemism for mass layoffs
Where and How to Spot LLM Slop: Many people correctly perceive LLMs as a site's downfall, a step towards the abyss
Public Talk by Richard Stallman in Half a Day "at the Engineering and Architecture Campus of Cesena of the University of Bologna": He'll probably attract a fairly large crowd
Gemini Links 26/03/2026: Buying a House, Stargazing, OFFLFIRSOCH 2026: Links for the day
Links 25/03/2026: Nations Return to Russian Oil and Burning Wood: Links for the day
Gemini Links 25/03/2026: Resisting Authoritarianism and Why Slop Needs to Go Away: Links for the day
Fedora Maintainer-ship Using Slop (Mistakes) Would Make Fedora Less Reliable: It won't produce reliable code or stable systems one can rely upon
IBM's "Legacy Employees" (Experienced Workers, IBM Management Dubs Them 'Dinobabies'): This notion of "legacy employees" seems like something overlapping with "expensive" (well paid) staff, even if not entirely equivalent
EPO's "Current Industrial Actions Are Likely to Intensify Further.": There is another strike in 5 days
This Morning The Register MS Published Slop Promotion With the Term "AI" 15 Times In It. The Register MS Was (As Usual) Paid to Do This: This is not a serious publisher
SLAPP Censorship - Part 23 Out of 200: We Were Right All Along (for 2 Years) About Third Party Funding and Willingness to 'Break the Bank' in Pursuit of "Revenge": How much damage can a person do to oneself in pursuit of cover-up of legitimate technical concerns?
Gnome Foundation Inc is in Trouble: the agenda is set GAFAM and IBM rather than donors
Links 25/03/2026: Airports Further Militarised, "Slopification and Its Discontents", Microsoft 'Open' 'Hey Hi' Shutting Things Down: Links for the day
Gemini Links 25/03/2026: Blogging Fright and Absolutely Useless 'Apps' Made by Slop Machines: Links for the day
Rise in Energy Prices Will Significantly Accelerate the Death of So-called "AI Companies": It should be noted that fake news about Microsoft OpenAI doubling workforce (mere words, not actions) can serve as a nice distraction from the death of Sora due to divestment
It's Always a Question of Trust: There's a widespread stigma of lawyers being manipulative and chronically dishonest
Solicitors Regulation Authority (SRA) Must More Carefully Investigate or Assess the Financial State of Law Firms in the UK: We'll cover this in depth in the future
GAFAM Mozilla Removes Theora Support, Now GNU Needs to Re-encode Videos: Mozilla used to mean something to Free software advocates
An Open Admission Profits Depend on Addiction: Proprietary software tends to be like this
IBM Americas President Ayman Antoun Comes to OpenText, Weeks Ahead the Mass Layoffs Begin: Is that what IBM will be good at?
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, March 24, 2026: IRC logs for Tuesday, March 24, 2026

UEFI Restricted Boot No Longer Valid for Security, Keys Leaked

Recent Techrights' Posts