Microsoft FUBARs Windows Secure Boot for all eternity

Discussion in 'PC Hardware, Software and Displays' started by Grall, Aug 11, 2016.

  1. Grall

    Grall Invisible Member
    Legend

    Joined:
    Apr 14, 2002
    Messages:
    10,801
    Likes Received:
    2,174
    Location:
    La-la land
    MS mistakenly includes backdoor "key" on some of its devices; can bypass secure boot protection on ANY windows 8.1+ device; PCs, tablets, phones... Also; showed reluctance to acknowledge goof-up.

    Arguably we're actually less secure now than we were without windows "secure" boot, because now there's false sense of security, and MS is allegedly unable to close the loophole because doing so would kill compatibility with bootable installation media, restore partitions and such.
     
    Malo likes this.
  2. Malo

    Malo Yak Mechanicum
    Legend Veteran Subscriber

    Joined:
    Feb 9, 2002
    Messages:
    7,535
    Likes Received:
    3,575
    Location:
    Pennsylvania
    Interesting article, thanks. Been reading up on it as well. It looks to be definitely a goof on a rather grand scale.
     
  3. Silent_Buddha

    Legend

    Joined:
    Mar 13, 2007
    Messages:
    16,984
    Likes Received:
    6,236
    It's actually not a golden key or a signing key of any sort. The article title is misleading in that respect. Although the security hole is real.

    http://arstechnica.com/security/201...u-leaks-golden-key/?comments=1&post=31693939#

    That comment on the post also contains the actual security researcher's notes on this security hole.

    It affects secure boot devices but only if certain versions of Windows 10 (v1511 and earlier) are installed. Or more correctly the bootmgr from Windows 10 v1511 or earlier must be installed.

    So basically Windows 8.0, 8.1 and Windows 10 v1607 and above aren't affected.

    The problem is that you can still install the bootmgr from an earlier version of Windows 10. I don't know if you can do that on a Windows 8.0 or 8.1 device without first upgrading to Windows 10.

    Regards,
    SB
     
    RootKit and BRiT like this.
  4. BRiT

    BRiT Verified (╯°□°)╯
    Moderator Legend Alpha

    Joined:
    Feb 7, 2002
    Messages:
    14,829
    Likes Received:
    12,939
    Location:
    Cleveland
    To be pedantic, you're not any less secure with this hole and secure boot than you are without secure boot. It's only the perception of security when you're not guaranteed to be secure that is an issue.
     
    RootKit and Shifty Geezer like this.
  5. TheAlSpark

    TheAlSpark Moderator
    Moderator Legend

    Joined:
    Feb 29, 2004
    Messages:
    21,424
    Likes Received:
    6,870
    Location:
    ಠ_ಠ
    What is secure booty and are there sharpies involved.
     
  6. orangpelupa

    orangpelupa Elite Bug Hunter
    Legend Veteran

    Joined:
    Oct 14, 2008
    Messages:
    8,107
    Likes Received:
    1,672
    So, android can come to lumia? Blow that secure boot wide open, hack android into it.

    If too hard, try adding one more person to type on the keyboard.
     
  7. Albuquerque

    Albuquerque Red-headed step child
    Veteran

    Joined:
    Jun 17, 2004
    Messages:
    3,856
    Likes Received:
    345
    Location:
    35.1415,-90.056
    Yeah, the Win10 bootloater (BCD) can be used to boot any NT6 kernel-based operating system, and (unless they've changed it recently) can even be used with the backwards compatibility flag to boot NTLDR-based NT5 operating systems (XP.)

    In $job-2 we purposefully used a Windows 7 BCD-based bootloader to boot our XP-based "POSReady2009" operating system images -- because it allowed us to hide an alternate boot strategy which could load our WIndowsPE-based recovery image process from a secondary partition. Needed the new boot loader for modern WinPE, and needed NTLDR for the crap, old XP-based primary OS.

    We actually used a Win7-based PE image to lay down the ancient XP crap, lulz. The glory of using old, shite 3rd party off-the-shelf Point Of Sale (truly a POS in two figurative senses!) and their dependence on old, shite operating systems.

    Edit: Yup, NT5 / NTLDR is still supported as a boot method in the Win10 Anniversary flavor of BCDEdit. bcdedit /create {NTLDR} /d "XP will nevAR DIE!"
     
    #7 Albuquerque, Aug 12, 2016
    Last edited: Aug 12, 2016
Loading...

Share This Page

  • About Us

    Beyond3D has been around for over a decade and prides itself on being the best place on the web for in-depth, technically-driven discussion and analysis of 3D graphics hardware. If you love pixels and transistors, you've come to the right place!

    Beyond3D is proudly published by GPU Tools Ltd.
Loading...