[arch-general] Campaign against Secure Boot

Kevin Chadwick ma1l1ists at yahoo.co.uk
Tue Jun 26 10:26:55 EDT 2012

> I understand that given Microsoft's record in the past, some of you are
> worried, but when looking in the specifications (as Thomas already
> pointed out) it is quite clear that Microsoft wants to do the right
> thing here.
> Personally I couldn't come up with a better way/infrastructure than the
> one that is going to be implemented.


> So basically the relative low price of 100 USD will mean that there
> might be a lot of organizations with a signed certificate. It would only
> take a breach into one of those organizations to get your code booted on
> basically every machine. It is something like the current situation with
> root CAs in SSL/TLS, but at least from my understanding there is not
> necessarily a way of revoking certificates.

I agree with a lot of what you have said. There is nothing to stop this
$100 rising though.

The best part is it will likely force Motherboard manufacturers to raise
their security game.

UEFI is actually originally from Intel I believe, but in order to get the
Windows 8 badge you need to adhere to Microsoft's requirements and so
most motherboard/BIOS manufacturers will probably follow that. There
will be better and worse BIOSes; the question is what can the average
user do. I presume some security BIOSes will hardcode more aspects to
mitigate attacks not covered by Microsoft's spec even, and not care
about this badge.

Really I need to find the time to more than skim through this spec
and Intel's or others.


Which states:

MANDATORY. The platform shall ship with an initial, possibly empty,
"forbidden" signature database (EFI_IMAGE_SECURITY_DATABASE1) created
signature is added to the forbidden signature database, upon reboot,
any image certified with that signature must not be allowed to

So revocation is possible likely even through Windows update.


a) It shall be possible for a physically present user to use the Custom
Mode firmware setup option to modify the contents of the Secure Boot
signature databases and the PK.
This may be implemented by simply providing the option to clear all
Secure Boot databases (PK, KEK, db, dbx) which will put the system into
setup mode.

I haven't checked this as apparently the spec is like > 2000 pages.

This link says the setup mode spec makes no mention of key installation by
users being possible.



The problem is On/Off is the only requirement, but Microsoft's keys must
be recoverable if removed (even though 'database' suggests a multiple
key feature is possible). Chances are many will do the least possible
to adhere. There are no setup mode requirements as far as I can tell,
but maybe there are.

It will come down to BIOS vendors, but it would be best to have a USER
EDITABLE whitelist option (assuming the BIOS and password use decent
password encryption and write protection) to prevent things like rogue
certs such as the recent Windows update patch fixed, or perhaps if your
security policy banned Windows ;-).

I have a few questions I'd investigate.

I believe Microsoft could use it as a selling or anti-competition point,
i.e. your company can use Secure Boot but only if you use Windows on
this cheap hardware you desire or bought last year. What's more,
there is no technical reason for this situation.

Can you sign keys as Tom mentioned? I hope so; the words "import" or
"signed keys" are not in Microsoft's document at least.

As you can disable it completely with a password, you should be able to
install non-OEM firmware such as OpenBIOS.

Key import via password or even USB key auth would solve all of
these issues. I can't believe that has been overlooked without reason or,
shall we say, preference. It may be the disable option was an
afterthought must. It's not Microsoft's job to mandate good BIOS
practice, but I'd say the right thing includes thinking about all
possible users, especially when it will cost little more to be a
responsible party.

Considering Microsoft have stated they will provide security updates to
even pirated copies of Windows and yet require online! validation to
download the recent key signing security patch, I still don't trust
the vendor that started with stolen code. I can't see the requirement
for online validation being simply a mistake when I've also found more
than one friend's machine seriously out of date without security warning
until WGA was installed.


Why not do something good every day and install BOINC.
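The "forbidden" signature database (dbx) quoted from the spec above is stored as a chain of EFI_SIGNATURE_LIST structures. The following is an added example, not code from the list post or from any firmware: it parses that layout and checks whether an image's hash has been revoked. The owner GUID and the two "images" are constructed sample data; real PE images are matched by their Authenticode hash rather than a plain file hash, which this example does not compute.

```python
import hashlib
import struct
import uuid

# SignatureType GUIDs defined by the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")


def parse_signature_lists(blob):
    """Walk variable data as consecutive EFI_SIGNATURE_LIST structures.

    Each list: SignatureType GUID (16), SignatureListSize, SignatureHeaderSize,
    SignatureSize (3 x UINT32), optional header, then EFI_SIGNATURE_DATA entries
    of SignatureOwner GUID (16) + SignatureData. Returns [(type, [(owner, data)])].
    """
    lists, off = [], 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size <= 16:
            raise ValueError("bad SignatureSize")
        body = blob[off + 28 + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature area is not a multiple of SignatureSize")
        entries = [(uuid.UUID(bytes_le=body[i:i + 16]), body[i + 16:i + sig_size])
                   for i in range(0, len(body), sig_size)]
        lists.append((sig_type, entries))
        off += list_size
    return lists


def build_sha256_list(owner, digests):
    """Serialise one EFI_SIGNATURE_LIST of SHA-256 hash entries (SignatureSize 48)."""
    sig_size = 16 + 32
    out = EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + sig_size * len(digests), 0, sig_size)
    return out + b"".join(owner.bytes_le + d for d in digests)


def image_forbidden(dbx_blob, image_bytes):
    """True if the image's hash appears in a SHA-256 list of dbx (revoked by hash)."""
    digest = hashlib.sha256(image_bytes).digest()  # placeholder for the Authenticode hash
    return any(sig_type == EFI_CERT_SHA256_GUID and any(d == digest for _, d in entries)
               for sig_type, entries in parse_signature_lists(dbx_blob))


# Constructed sample data (not a real dbx): one revoked loader image.
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
REVOKED_IMAGE = b"constructed revoked bootloader"
TRUSTED_IMAGE = b"constructed trusted bootloader"
SAMPLE_DBX = build_sha256_list(SAMPLE_OWNER, [hashlib.sha256(REVOKED_IMAGE).digest()])
```

On a running Linux system the real variable is readable from the dbx file under /sys/firmware/efi/efivars (after the 4-byte attribute prefix), which is where the parser would be pointed in practice.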
