[Video] UEFI Insecure Boot: Another Nail in the Coffin

posted by Roy Schestowitz on Jul 29, 2024

Video: Insecure Boot Strikes Again (md5sum dd9c634b1416f67902406317d73b9009), licensed under Creative Commons Attribution-No Derivative Works 4.0

THE small bunch (borderline fringe) of 'Secure Boot' Microsofters are not talking about the latest blunder. They just have nothing to say in their defence. They've been proven wrong. So let's discuss the matter. We don't just let it pass.

12 years ago they told us adoption of 'bootlocks' is fine and that this is perfectly OK. To oppose this would be to oppose security. Well, patience is a virtue here because over the past 12 years we've repeatedly been proven right and we can howl from rooftops now. The lesson is, do not believe anything Microsofters say. As an associate put it recently, there will "be a few long-form series later on in the indefinite future on the details."

The time seems right to respond to over a decade of mindless propaganda from Microsofters. They're hired professional censors in an effort to suppress information and intimidate women.

Some have dubbed this latest scandal "InSecure Boot" and security gurus are deeply concerned ("This isn’t good"). IDG said:

> Security research firm Binarly reports that leaked cryptographic keys have compromised hardware from several major vendors in the PC industry, including Dell, Acer, Gigabyte, Supermicro, and even Intel. Eight percent of firmware images released in the last four years are compromised, with 22 untrusted keys discovered immediately.

This is also discussed in some GNU/Linux forums. One commenter said: "It's security done by Microsoft... that's all that needs to be said, eh?" Another one said: "Yeah, enough said. I'm grateful that I was able to switch off secure boot on my new T14 Thinkpad to install Linux. I'm glad that Windows isn't on my home LAN."

This additional report says "Secure Boot key compromised in 2022 is still in use in over 200 models — an additional 300 more use keys are marked ‘DO NOT TRUST’". To quote from the summary:

> Software security firm Binarly discovered that over 200 device models used a compromised security key, while an additional 300 more used default test keys shared with nearly all of AMI's customers.

Finally, for the time being, this one mentions another "brand name" for this issue:

> A vulnerability dubbed PKfail can allow attackers to run malicious code during the boot process, which can be used to deliver UEFI bootkits.

No matter what one calls it - e.g. "PKfail" or "InSecure Boot" - this is a black eye to Microsofters.

We already added some of these stories to Daily Links or had them linked to the originals in the sister site, but on Saturday we did a video about it. The first piece that everyone linked to (also in IRC) was Ars Technica's and it sort of speaks for itself. An associate called for "a Tomi Ahonen style 'I told you so' article," arguing that "even a short series is warranted because the public had been warned in detail in advance of just these kinds of problems."

We've repeatedly written about this since 2012.

"There are other problems too which have manifested," the associate said, "this is not the first."

There are also more serious warnings (warranting further precautions) which have not yet come to pass, so the other shoe has yet to drop - so to speak - on UEFI.

The politics which the UEFI patches and shim allowed Microsoft can be re-examined in this context.

Microsoft is meanwhile pushing the media to pretend no option exists other than Windows (and Office) for new laptops and desktops. What is this, 2004? Citing this as an example, the associate said "Microsoft pursues trapping people into the sunk cost fallacy to prevent upgrading the OS to Linux or, worse from their perspective, using open formats for documents."

The way Microsoft sees things, anything other than Windows is not trustworthy or is "piracy". People who object to Windows are being bullied and vilified, even if the facts are on their side all the time.
