UEFI Restricted Boot No Longer Valid for Security, Keys Leaked

Dr. Roy Schestowitz

2013-04-07 19:30:26 UTC
Modified: 2013-04-07 20:01:45 UTC

As much about security as multimedia DRM

Drip

Summary: Antitrust offences with UEFI restricted boot can no longer be defended as an act of enhancing security because keys are leaking

A Fedora developer was the first to embrace Microsoft's restricted boot, so Fedora was usually ahead of the curve when it comes to it and it shows.

Torvalds criticised Red Hat for complicity with Microsoft [1, 2] after he had slammed restricted boot as something that would not improve security. He was right. Keys were inevitably leaked, leaving UEFI restricted boot (which former Novell/SUSE developers too helped promote) in a position where it is only an antitrust issue and nothing to do with computer security, just protectionism. As one new article puts it, the "Linux Lawsuit Shines Uncomfortable Light on UEFI Standard" and a Restricted Boot proponent leads with this news about UEFI signing keys getting leaked:

A hardware vendor apparently had a copy of an AMI private key on a public FTP site. This is concerning, but it's not immediately obvious how dangerous this is for a few reasons. The first is that this is apparently the firmware signing key, not any of the Secure Boot keys. That means it can't be used to sign a UEFI executable or bootloader, so can't be used to sidestep Secure Boot directly. The second is that it's AMI's key, not a board vendor - we don't (yet) know if this key is used to sign any actual shipping firmware images, or whether it's effectively a reference key. And, thirdly, the code apparently dates from early 2012 - even if it was an actual signing key, it may have been replaced before any firmware based on this code shipped.

But there's still the worst case scenario that this key is used to sign most (or all) AMI-based vendor firmware. Can this be used to subvert Secure Boot? Plausibly. The attack would involve producing a new, signed firmware image with Secure Boot either disabled or with an additional key installed, and then to reflash that firmware. Firmware images are very board-specific, so unless you're engaging in a very targeted attack you either need a large repository of firmware for every board you want to attack, or you need to perform in-place modification.

Now we know that UEFI restrictions had nothing to do with security and eventually became just a competition barrier. Rather than cracking we are seeing leaking as the end of UEFI restricted boot's (or 'secure' boot's) reputation. ⬆

If You Value Privacy, Follow the Likes of Eben Moglen, Phil Zimmermann, and Richard Stallman, Not Back Doors' Boosters Who Mislabel Themselves as Security Experts: Signal is not really secure
Writer's Block is Not a Problem to Us, Only a Lack of Time: Or timewasting by aggressive militants who try to silence us [...] People who experience writer's block very often find it depressing (it feels unproductive) and sometimes come to the conclusion that perhaps writing isn't for them
March Plans for Techrights: next month we plan to start the series about how the SRA failed
Links 26/02/2026: "Peak Mental Sharpness" and "The Whole Economy Pays the Amazon Tax": Links for the day
"Community" Site Deleted by Jeffrey Epstein-Connected 'Linux' Foundation Had Interview Where Eben Moglen Spoke of GPLv3 and of DRM, Back Doors Etc.: Deleting what happened or what was said two decades ago
Richard Stallman (Free Software Foundation) and Eben Moglen (Columbia Law School) Explained 25 Years Ago That Proprietary Software (and Proprietary Firmware) Would Lead to Back Doors: a fortnight after the 9/11 terror attacks in the US
Giving to the Community Versus Taking From the Community (or Worse, Attacking the Community): some people bring no contributions, only harm
LLM Slop Will Try to 'Rewrite' History of UNIX and GNU/Linux: We occasionally see slopfarms spreading misinformation about UNIX, GNU, and Linux
Where Does the Solicitors Regulation Authority (SRA) Stand on Machine-Generated Legal Documents and Copy-pasting One Client's Lawsuit to Start Another (for American Serial Strangler)?: Now that many law firms cheat (copypasta, paper DOoS, LLM slop, breaches of rules, even defaming the other side) the SRA cannot keep up
Of Course Android is Not Free Software: That Android is not about freedom should not be so shocking
Talking About Blackboxes: Having just reposted a couple of articles from Alex Oliva
Microsoft Slop is Already Killing XBox: Microsoft will fail at alleviating such concerns
Two Weeks Have Passed and It Looks Like Conde Nast's Ars Sloppica Sacked "Senior" "AI" "Reporter" Benj Edwards But Did Not Remove All His LLM-Produced 'Articles': the editorial standards at Conde Nast's Ars Sloppica are a joke
Alex Oliva (GNU Linux-Libre): Stricter is Less Popular: Reprinted with permission from Alex Oliva
Fraud and Crimes at Microsoft: A lot of these American companies simply cheat and even bribe
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Wednesday, February 25, 2026: IRC logs for Wednesday, February 25, 2026
FSF's Alex Oliva on Hardware Black Boxes: Reprinted with permission from Alex Oliva
What Microsoft Hides Underneath: In recent years a lot of this shell game was played via "Open" "AI" [sic]
A Lot of Slopfarms Died, Google News Feeds the Few Which Survived and Still Target "Linux": Many just simply died
Links 25/02/2026: Fifth Year of War in Ukraine, Dihydroxyacetone Man Looking to Start More Wars: Links for the day
Gemini Links 25/02/2026: Retired a Year, Illness, Losing a Lung, and "Back to Gemini": Links for the day
The Register MS Published a Ponzi Scheme-Boosting Fake Article This Morning. It Mentions "AI" 30 Times.: Will credibility be left after the bubble pops entirely?
They Try to Ruin Linux, Too ("Attestation" in GNU/Linux): In the context of Web browsers, this isn't unprecedented and we wrote a lot about it
Mozzarella Company: All Our Cheese Comes With Mold Now, But You Can Ask the Seller to Remove the Mold: If you reject and oppose slop, do not download/use Firefox
Stallman Was Right About Back Doors: I had some conversations with Dr. Stallman about security and back doors
Australian Signals Directorate ex-employee sold back doors to Russia: Reprinted with permission from Daniel Pocock
IBM Debt-Loading and Liability (Toxic Asset) Offloading: One can hope that IBM will be subjected to the same attention Kyndryl received, but this boils down to politics
Links 25/02/2026: 'Hybrid Warfare' and "Boycott the State of the Union": Links for the day
IBM (and Red Hat) Can Disappear in the Coming Years, Along With Kyndryl (Debt Twice as Big as Its 'Worth'): No wonder Red Hat workers tell us they hate IBM
Software Freedom is Science, But It Also Sustains Life: In some sense, Software Freedom can be explained in the context of nourishing people
“Xbox, like a lot of businesses that aren’t the core AI business, is being sunsetted.": There has been a lot of narrative control lately, including at 9PM on a Friday
3,300 Capsules Known to Lupa and Currently Accessible: Gemini Protocol turns 7 this summer
When it Comes to Firmware, the FSF and Its Founder RMS Won the Argument (But Not the Fight, Yet): The "whataboutism" tactics are physiological manipulation means of discouraging those who move in the correct direction
Austria Tackles Digital Weapon Disguised as "Social" and/or "Media": Are we seeing the end days of Social Control Media?
Nothing Over the Horizon for XBox: XBox is not even being sold in many places anymore
Solicitors Regulation Authority (SRA) Contradicting Itself: You Can Use Slop to Cheat Clients, But You Can Also Face Disciplinary Actions Over Slop: Where does the SRA stand on the matter?
In Praise of Eben Moglen: Hopefully Professor Moglen will be with us for many decades to come and become an active speaker on issues such as Software Freedom
Sunsetting IBM (for the Benefit of Few Corrupt Officials and Wall Street Speculators): IBM will not (and cannot) survive for much longer [...] The issue is bad leadership, not any particular nationality/race
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Tuesday, February 24, 2026: IRC logs for Tuesday, February 24, 2026
Gemini Links 25/02/2026: Rise of Solar in 2025 and Smallnet Protocols: Links for the day
HR Blunder at IBM or IBM Struggling With Money?: Weird for such an allegedly rich company to be so stingy
Gemini Links 24/02/2026: x86 Computer In-Browser and Administration: Links for the day
Envy is the #1 Enemy of Richard Stallman: Whenever you see someone mocking Richard Stallman, ask yourself: does this person have a reason to be jealous of Richard Stallman?
Life is Sweeter When Less Means More: People need to think "small", not "big" (as in capital)
Championing a Cause: Probably over 100 million GNU/Linux users on laptops/desktops
Balmoral rape cult & Debian suicide cluster indifference, community: Reprinted with permission from Daniel Pocock
Father of XBox Says What Microsoft Does Not Want to Hear About XBox (They All Know It's Dead): Microsoft just worried shareholders will find out Sharma is "just a face" and an undertaker
Can Much Longer Can the Financial 'Press' (Pump-n-Dump Megaphone) Cheer for IBM's Accounting Enigma?: IBM has fallen almost 25%
France Needs to Focus on Software Freedom, Not Flags: We need more SIP advocacy!
Combatting Censorship in the "Civilised World": The Media Blackout Surrounding EPO Strikes and Other Large-Scale Actions: We - collectively speaking - cannot afford to keep the Office in the hands of a "Mafia"
Religious or Not, Consider Quitting Social Control Networks (All of Them) This Season: Lent is a good time to quit addiction such as social control media
EPO Strike Actions and Other Industrial Actions Are Effective When Management Fears the Staff and Staff No Longer Fears Any Managers: 'António the unready' should get ready to be ousted
Liberating the Self From the Invisible Prison of Plutocrats-Controlled Media and Social Control Media: Can you always see the full picture or does something (someone powerful) obstruct it?
Links 24/02/2026: Drug Cartel Decapitated, Jeffrey Epstein-Connected 'Linux' Foundation Promotes Slop and Buzzwords at MWC Barcelona 2026: Links for the day
2023: Layoffs Are Because of "AI". 2024: Shares Up Owing to "AI". 2025: Shares Recently Fell Due to "AI". 2026 Forbes (Paid by IBM): Shares Falling is Good!: "AI" is smoke and mirrors
Bitcoin: Code of Conduct stifled open source concerns: Reprinted with permission from Daniel Pocock
Slop Boosters and 'Hype Agents' Render Themselves Irrelevant and the General Public Becomes Incredulous Due to "Bros Who Cry Wolf!": It won't age well
"Half-baked Vibe Code Shipped Full of Errors": Seems timely after our latest article
IBM Did Not Fall Because of COBOL Vapourware, IBM Still Collapses Because It's Worthless, Way Overvalued, and Very Likely Cooks the Books: language-to-language conversion (in the context of programming) is nothing new
Links 24/02/2026: Copyright Litigation Over Anne Frank’s Diary, "Arrogance of Developers": Links for the day
Another New Low for Solicitors Regulation Authority (SRA): Authorising Slop Disguised as "Legal Advice": SRA is a lapdog - not a watchdog - of the "litigation industry"
EPO "Cocaine Communication Manager" - Part IV - "Many Jobs Were Given to Spanish Employees for No Related Skills At All": The EPO's fate might be similar to that of the XBox
Gemini Links 24/02/2026: Hardware Tinkering and Slop Bots Attacking the "Small Web": Links for the day
Quitting Reddit (Social Control Media Controlled by Conde Nast): There is a new post in Reddit
IBM is the World Champion at Layoffs and There Are Reportedly More Layoffs in IBM This Month (EU): IBM fired 60,000 in 1993
Free Software is for Everyone: Young and old, rich and poor etc.
Gemini Links 24/02/2026: Voltage Divider on Slide Rule and Many Raspberry Pi Projects: Links for the day
Links 24/02/2026: Telephone Turns 150, Political News Catchup, and Rearmament: Links for the day
Asha Sharma "a Palliative Care Doctor Who Slides Xbox Gently Into the Night": 2026 will probably be the last year of XBox
Over at Tux Machines...: GNU/Linux news for the past day
IRC Proceedings: Monday, February 23, 2026: IRC logs for Monday, February 23, 2026

UEFI Restricted Boot No Longer Valid for Security, Keys Leaked

Recent Techrights' Posts