Bonum Certa Men Certa
IRC Proceedings: March 31st, 2013-April 6th, 2013 | Red Hat et al. (Including Android's Guardian) Complain About Companies That Attack FOSS With Patents, Apple Sites Quote 'FOSS Patents' Spin on Yet Another Loss Against Android

UEFI Restricted Boot No Longer Valid for Security, Keys Leaked

As much about security as multimedia DRM

Drip



Summary: Antitrust offences with UEFI restricted boot can no longer be defended as an act of enhancing security because keys are leaking

A Fedora developer was the first to embrace Microsoft's restricted boot, so Fedora was usually ahead of the curve when it comes to it and it shows.



Torvalds criticised Red Hat for complicity with Microsoft [1, 2] after he had slammed restricted boot as something that would not improve security. He was right. Keys were inevitably leaked, leaving UEFI restricted boot (which former Novell/SUSE developers too helped promote) in a position where it is only an antitrust issue and nothing to do with computer security, just protectionism. As one new article puts it, the "Linux Lawsuit Shines Uncomfortable Light on UEFI Standard" and a Restricted Boot proponent leads with this news about UEFI signing keys getting leaked:

A hardware vendor apparently had a copy of an AMI private key on a public FTP site. This is concerning, but it's not immediately obvious how dangerous this is for a few reasons. The first is that this is apparently the firmware signing key, not any of the Secure Boot keys. That means it can't be used to sign a UEFI executable or bootloader, so can't be used to sidestep Secure Boot directly. The second is that it's AMI's key, not a board vendor - we don't (yet) know if this key is used to sign any actual shipping firmware images, or whether it's effectively a reference key. And, thirdly, the code apparently dates from early 2012 - even if it was an actual signing key, it may have been replaced before any firmware based on this code shipped.

But there's still the worst case scenario that this key is used to sign most (or all) AMI-based vendor firmware. Can this be used to subvert Secure Boot? Plausibly. The attack would involve producing a new, signed firmware image with Secure Boot either disabled or with an additional key installed, and then to reflash that firmware. Firmware images are very board-specific, so unless you're engaging in a very targeted attack you either need a large repository of firmware for every board you want to attack, or you need to perform in-place modification.


Now we know that UEFI restrictions had nothing to do with security and eventually became just a competition barrier. Rather than cracking we are seeing leaking as the end of UEFI restricted boot's (or 'secure' boot's) reputation.

IRC Proceedings: March 31st, 2013-April 6th, 2013 | Red Hat et al. (Including Android's Guardian) Complain About Companies That Attack FOSS With Patents, Apple Sites Quote 'FOSS Patents' Spin on Yet Another Loss Against Android

Recent Techrights' Posts

Real Security Elusive, Microsoft Layoffs to Coincide With Certificate Apocalypse
July 1
2026 is a Year of Strikes at the European Patent Office (EPO)
As it stands at the moment, to many people the EPO represents crime, not law
Only 1.5% Oppose the European Patent Office's (EPO) Strikes and Other Industrial Actions Until 2027
Among those polled/surveyed (in a ballot)
 
5 Years After Release of Vista 11 Not Even One in 5 People Use It (in the US)
It doesn't look like Vista 11 will ever be adopted like prior versions and announcing a Vista 12 will mostly upset companies/organisations that only recently "upgraded" to 11
Gemini Links 21/06/2026: Boca Raton, Perfect Summer Day, and LLM Doing Things Poorly
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, June 20, 2026
IRC logs for Saturday, June 20, 2026
Microsoft Insiders - Not Limited to XBox - Expect a 'Bloodbath' (Their Own Word)
This isn't limited to XBox
Reports of "PIP" as Means of Mass Layoffs at IBM This Year
some insights into the PIPs
SLAPP Censorship - Part 112 Out of 200: Strangles Women, Then Refuses to Even Attend Any of His Own Hearings About It
It is meanwhile very apparent that Brett Wilson LLP is becoming a "mench sphere"
Gemini Links 20/06/2026: "There Was Never Supposed to Be a Camera" and "What Is A Programming Language"?
Links for the day
Geminispace Reaches Its 8th Year, Today It Has Turned 7
Gemini Protocol 'went live' 7 years ago, just before the COVID-19 pandemic
Links 20/06/2026: "Full Page Paralysis" and "Hopes For Xbox’s Future Might Be Over Before It Even Begins"
Links for the day
European Patent Office's (EPO) Strikes "at a Scale not Seen Since Battistelli", European Patent Grants Down by Over 25% in Past 3 Months
The actions are effective
Links 20/06/2026: Microsoft's "Year of Shame" and "Feed the Writers"
Links for the day
Web Browsers Are Technically Bloatware (No Matter What Runs in Them)
Don't make it a society that shames people into using a Web browser where none should be needed
Fedora Has Changed a Lot Since I Last Used It (IBM Dominates Almost Everything, IBM Agenda Displaces Community Goals)
"It is effectively 100% run by Red Hat/IBM employed people... even when they are community-elected representatives."
Andy (Cyber Show) on His Teacher Who "Squeezed Every Last Drop Out of Life, With Gratitude, Humility, Generosity and Mettle"
Some call them "eccentric" and are dismissive about what they have to offer
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, June 19, 2026
IRC logs for Friday, June 19, 2026
Gopher/Gemini Links 20/06/2026: Slop With Tcl/Tk and Nokia 770 Perishes
Links for the day
SLAPP Censorship - Part 111 Out of 200: Garrett and Graveley (the Latter Arrested for Strangling Women) Keep Ousting Their Collaboration in Litigation, Lawfare in a Foreign Continent
it's not law, it's just warfare disguised as "law"
European Patent Office (EPO) Series: Lobbying in Lisbon...
reappointment campaign lobbying has not been restricted to the "home front" in Portugal
Slop Making Its Way Into Terms Where It Does Not Belong
Hopefully by year's end Google News can successfully cull (and deprive of traffic) almost all slopfarms
Links 19/06/2026: Microsoft Patent Troll Intellectual Ventures in Europe, "World Cup of Internet Resilience"
Links for the day
Links 19/06/2026: Salesforce Data Thefts and GAFAM's Conspiracy Theories That Data Center Opposition is a Foreign Plot
Links for the day
Links 19/06/2026: The Retweeting Class and Data Centres as National Security Risk
Links for the day
Don't Attack the Wives (or Spouses) of Pundits/Activists/Journalists
We will be writing several series about this in the future
Society Will Only Improve Owing to People Who Push Boundaries
Push boundaries with ideas and facts, not with forbidden language
Internet Relay Chat (Shorthand IRC) is Still Growing
Contrariwise, social control media is waning
The Register MS Published a New Page With "AI" 21 Times in It. It Was Paid SPAM.
The former editor of the The Register MS admitted to me (directly) that he knew all this "AI" stuff was stupid hype
Murdoch's Wall Street Journal (WSJ) Associates Dependence on a Ponzi Scheme With "the Future"
Those ludicrous ads (disguised as rankings) from WSJ deserve scorn and ridicule
The XBox Story is Still Fast-Developing, the Layoffs Are Confirmed to be Happening Already (Mid-June), Just Not "Officially"
Workers have Microsoft have long braced for what is happening this summer and will accelerate further in two weeks' time
Fake News From Rupert Murdoch's WSJ Could Not Keep IBM From Sinking
"2026 Best Companies for the Future"?
To GNU, AV2 Adoption May be a Year If Not Years Away
The leap between versions means that there is fertile ground for incompatibilities
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 18, 2026
IRC logs for Thursday, June 18, 2026
Gemini Links 19/06/2026: "Born and Raised by the Internet", Fifteen Years in Gopher
Links for the day