drhagen | 1 year ago

> To this day, key players in security—among them Microsoft and the US National Security Agency—regard Secure Boot as an important, if not essential, foundation of trust in securing devices in some of the most critical environments, including in industrial control and enterprise networks.

Am I correct that Secure Boot purely exists to prevent this attack vector: malware gets root on the OS, hardware allows updating firmware via OS now owned by malware, but Secure Boot means you have to wipe only the hard drive instead of the firmware to eliminate the malware?

It seems like it would be a lot simpler and more reliable to add a button to motherboards that resets the firmware to the factory version (on memory that can't be written by a malicious OS).

acdha|1 year ago

Also things around physical access: if you steal my laptop, FDE prevents you from getting my data immediately but if you install malware which takes over the boot process, you get that data as soon as I type in my password.

If the process changes so the hardware only loads signed firmware, which only loads a signed boot loader, which only loads a signed kernel, etc. that avenue of attack is closed. It also makes it possible to trust a used computer.

The problem is that other than Apple nobody has really been committed to doing it well - it’s begrudging lowest-bidder compliance and clearly not something many vendors are taking pride in.

amluto|1 year ago

Secure Boot with factory keys has never prevented this attack, by design. You can take a valid, signed OS image from your favorite vendor (Microsoft, Red Hat, whatever), write some userspace code for it that asks for a passphrase and looks exactly like the legitimate passphrase prompt, and configure the boot order to boot to it. It will pass the Secure Boot checks because it is completely valid. Secure Boot, as configured by default, never had userspace verification as a design goal.

There are at least two solutions:

1. Deploy your own Secure Boot keys and protect them with a firmware password or whatever mechanism your particular system has to lock down Secure Boot settings.

2. Use TPM-based security so that even knowing the passphrase doesn’t unlock FDE unless the PCRs are correct.

#1 is a bit of a pain. #2 is a huge pain because getting PCR rules right is somewhere between miserable and impossible, especially if you don’t want to accidentally lock yourself out when you update firmware or your OS image.

Of course, people break PCR-based security on a somewhat regular basis, so maybe you want #1 and #2.
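Added example, not part of the comment above or of any post in this thread: a simplified Python model of solution 2, showing why a different but validly signed boot chain fails to unseal a PCR-bound disk key, and why a legitimate firmware update locks you out in the same way. `ToyTPM`, `measure_boot` and the sample stage strings are constructed for illustration; a real TPM uses several PCRs and policy sessions rather than a single comparison.

```python
import hashlib
import hmac
from typing import Dict, List, Optional


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: new PCR = SHA-256(old PCR || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()


def measure_boot(chain: List[bytes]) -> bytes:
    """Measure each boot stage, in order, into one PCR that starts at zero."""
    pcr = bytes(32)
    for component in chain:
        pcr = pcr_extend(pcr, component)
    return pcr


class ToyTPM:
    """Hypothetical stand-in for sealing: the secret is released only when
    the current PCR equals the value recorded at seal time."""

    def __init__(self) -> None:
        self._sealed = None

    def seal(self, secret: bytes, expected_pcr: bytes) -> None:
        self._sealed = (expected_pcr, secret)

    def unseal(self, current_pcr: bytes) -> Optional[bytes]:
        expected, secret = self._sealed
        return secret if hmac.compare_digest(expected, current_pcr) else None


# Constructed sample boot chains (stand-ins for firmware, boot loader, kernel).
GOOD = [b"firmware v1", b"bootloader v1", b"kernel v1"]
# A different, validly signed OS image: passes Secure Boot, measures differently.
FAKE_PROMPT = [b"firmware v1", b"other signed bootloader", b"other signed kernel"]
# A legitimate firmware update also changes the measurement.
FW_UPDATE = [b"firmware v2", b"bootloader v1", b"kernel v1"]


def demo() -> Dict[str, bool]:
    """Seal a disk key to the GOOD chain, then try to unseal under each chain."""
    tpm = ToyTPM()
    tpm.seal(b"disk-key", measure_boot(GOOD))
    chains = [("good", GOOD), ("fake_prompt", FAKE_PROMPT), ("fw_update", FW_UPDATE)]
    return {name: tpm.unseal(measure_boot(chain)) is not None for name, chain in chains}


if __name__ == "__main__":
    print(demo())
```
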

sillywalk|1 year ago

> other than Apple nobody has really been committed to doing it well

I believe Chromebooks also do this fairly well.

megous|1 year ago

> It also makes it possible to trust a used computer.

Thankfully all this complexity is not the only thing that allows one to trust a used computer. There are other options, like not having a modifiable SW (that is SW not stored in non-replaceable ROM) run prior to handing off control to bootloader loaded from external media.

vbezhenar|1 year ago

> Also things around physical access: if you steal my laptop, FDE prevents you from getting my data immediately but if you install malware which takes over the boot process, you get that data as soon as I type in my password.

There's still a simple vector of attack by installing a hardware keylogger on the keyboard wires.

m463|1 year ago

Do enterprise vendors like Dell do it well enough to meet corporate requirements?

out-of-ideas|1 year ago

do folks in the business really simply steal a laptop and try to pull all data? or do they steal the laptop and wipe it and flip it... if they wanted your data wouldn't they steal you, the human, too?

the signing method only offers buying more time before the inevitable data is "breached" by a threat actor - it's the same buying-time for any and all encryption. the system can get too complex, and the underlying problems of humans will always exist (and amplified by more points of failure).. (accidents, data breaches, exploits, etc). the system needs to be immutable, but also mutable at the same time (for updates, etc) - and that's not exactly something easy to accomplish.

and with apple.. they try yes, but it is forever a walled garden. we've already seen their secure enclave bloatloader shenanigans get exploited on phones - and it was not fun for those people where their phones were compromised. apple suffer from us humans, too (we will never be perfect, nor will our software)

tripflag|1 year ago

The case you're outlining (a UEFI rootkit) is pretty much the worst case; assuming you get infected by some malware which decides to install a malicious firmware (BIOS update), then pretty much nothing is getting in the way of that.

What secureboot is designed to prevent is malicious changes to the OS bootloader (a conventional rootkit), which is usually shimx64.efi or grubx64.efi on linux/dualboot machines, or bootmgfw.efi on windows. Secureboot checks the signature of .efi files before they're allowed to run during boot, ensuring they were signed by one of the trusted keys. And unless you've made changes to your secureboot config, that means microsoft and/or the hardware vendor.

amluto|1 year ago

I think “UEFI rootkit” usually refers to a malicious .efi file installed in the ESP. An actual firmware rootkit, installed on the flash chip, can likely bypass Secure Boot entirely, and may well be able to bypass TPM protections as well.

gizmo686|1 year ago

It is possible to use Secure Boot as part of a fully verified bootchain. The firmware verifies the bootloader. The bootloader verifies the kernel (and kernel arguments, and ramdisk...), the kernel verifies all executables. Userspace programs verify critical data files.

There are systems out there that do this, and having something like Secure Boot is essential to their design (as is measured boot, which is the main mechanism TPMs leverage).

However, this solution is utterly unworkable for the personal computer market. Instead, we have a bunch of general purpose kernels signed to run on any computer, but which are willing to run any userspace you throw at them.

Terr_|1 year ago

I'm having strange nostalgic flashbacks to the '90s where I kept wondering why nobody offered a hard drive with a physical read-only toggle button. (Mounted to the front of the 5.25 inch bay in a tower chassis, as was the style of the time.)

Obviously you need some read+write storage elsewhere on the same computer, but you could reliably freeze large chunks of stuff in a way that would be impervious to viruses or hackers.

drhagen|1 year ago

I remember USB drives in the '00s that had a read-only toggle. They were useful for rescuing machines that had a virus.

Edit: A quick search reveals that, of course, you can still buy them today. I have not felt a need for one in ages.

CableNinja|1 year ago

There were things like this, but it was more to prevent accidental writes. Some of the old 10" drives had a write enable toggle.

bitwize|1 year ago

Secure Boot is the first component in a verified boot chain from initial power-on to application level code. Signed, verified firmware boots signed, verified kernel with strict authenticity and integrity guarantees. The goal is, presumably, to attest to the authenticity and integrity of everything the system runs, but when it comes to kernel modules and device drivers, userland OS components, and applications, those are the kernel's responsibility. But Secure Boot is an essential link in this chain.

judge2020|1 year ago

That sounds correct, but even the savviest of users might not be aware they have malware installed when they decide to re-install windows. If cleaning malware requires pressing a button on the MOBO then I can imagine only a single-digit percentage of users will actually click it.

Dylan16807|1 year ago

If they're not worried about malware, and there is some, then they'd probably get reinfected by their data anyway.

awaythrow999|1 year ago

Immediately gets slapped over the head by the requirement: "preventing downgrade to a vulnerable version" (which would be just a matter of enough time passing)

antifa|1 year ago

And by "vulnerable version" they mean the version before they added ads to the boot screen.

sim7c00|1 year ago

it protects against boot and early boot attacks. this includes bootkits but also early drivers such as AV drivers and others which protect the system further. if you don't have it, any security can be compromised before it's active. via different methods.

tedunangst|1 year ago

How do you determine when to push the button?

bluescrn|1 year ago

Instead, write-protect the firmware by default, and require the user to press a physical button on the back of the PC to write-enable it (for a limited duration/until the next reboot)

Dylan16807|1 year ago

Any time you're reinstalling the OS and suspect the old OS had malware.

Or if you want to make it simpler, any time you're reinstalling the OS.

jtbayly|1 year ago

Once a day ought to do…