Secure Boot is only going to hinder legitimate users in the long term.
iphone boot exploits, wii boot exploits, PS3 boot exploits have all been published freely mostly because they are very hard to capitalize on (these machines all have secure boot implementations, albeit not the UEFI one)
If UEFI secure boot exploits really protect against malware, they will be traded like 0-day exploits and will be worth a lot (I suspect it will be harder to update the firmware against these 0-days than running WindowsUpdate).
It's a landgrab; slow and cunning on the x86/AMD64, quick and merciless on the ARM. But it has a lot more to do with grabbing land than with end user security.
edit: drivebyacct2 claims that none of these 3 had security comparable with UEFI SecureBoot. I don't know enough to argue about that - my assumption is that it will be implementation flaws that will be exploited, rather than theoretical flaws. But I might be wrong.
Let's not get ahead of ourselves. Stallman is cool and everything but he is NOT 100% right. Most of us here, for instance, do not believe it is unethical to create "proprietary software". There is still a lot of basic philosophy on which to contest Stallman.
Today is secure boot. Next say some governments will make it illegal to buy a machine without a secure boot feature and forbids you to run any OS without a backdoor. Now i'am sure that your government will never do that
I personaly will never buy any machine, as soon as i can, as soon as it is still legal, with any "secure" feature. My machine is mine, not to the original manufacture, not to Microsoft or to Redhat or to anyone that believe that it is theirs. Even that i know that i live in a great democracy, i have nothing to hide, and my government is my good friend
Couldn't all hardware that has this secure boot functionality simply include a physical switch that grants full access to the hardware? When the switch is on you can install any OS you like, when the switch is off no root kits could install themselves.
Low level vulnerabilities are indeed something that need to be addressed - such vulns are a real (and growing) threat and by their very nature are incredibly hard to deal with. It's a shame countermeasures are taking this manifestation, however.
Is there any actual evidence for this? Why are they any harder to deal with than cleaning existing malware? If anything they're easier to detect (just read the boot sectors on the drive and compare vs. a small list of known bootloaders). "Clean up" just requires installing a new bootloader and rebooting. Obviously the malware could try to take steps (load compromised storage drivers, say) to defeat this, but that's equally an option for traditional malware too (e.g. hack the filesystem to hide itself).
Where's the urgency here? What makes this so important?
Not even to remember, that Mr. Sh. was in the random number selling and certification business in the first place. "I am what I am because of who we all are." -- VeriSign
This would seem to suggest that the days of dual booting are numbered. Either if ARM becomes the key player or if the policy on x86 changes.
I'm not sure that general purpose computers will die though, geeks and developers are a big enough market to support manufacturers creating systems that are more powerful and flexible.
Assuming that Virtual Machine software is not blocked, with good enough visualization software and fast enough hardware (enough RAM especially) running a Linux VM with Windows 8 may be indistinguishable from running it directly on the chip.
If the OS becomes just a way to bootstrap a browser or VM I'm not sure how important it is anyway?
How important is the foundation of a house, after all there is also a floor in the second storey of the building.
The entire point of the secured boot process is, that you can only boot a signed kernel. And in the case of iOS today, the kernel will only load signed programs. (And a VM is against the App Store guidelines, as is a python interpreter). So there is no guarantee, that you will be allowed to run a VM on your secure boot machine.
If every computer in the world is vulnerable to malware signed by a specific Microsoft key, how long do we think this key would remain secret? What will Microsoft do when (not if) that happens? Will they pay for the replacement of every PC and ARM device built to that point?
The benefit of breaking it and immediately gaining permanent undetectable access to every Windows-capable computer on the planet can offset a lot of cost.
For some definition of "will", I guess. It's part of the windows logo requirements for x86. For now.
But what happens when someone screws up? I buy a laptop with a windows logo and try to install OpenBSD or whatnot, only to discover that the "disable secure boot" option is missing or broken. What's my recourse? Wait for a firmware update (which we know from experience will never arrive -- it boots fine in windows)? Return the laptop (which works perfectly within its warranted behavior)? Whine and look sad?
The incentives are all wrong for this to be a stable situation. Over time and platform changes, "disable secure boot" is going to rot. We all know it.
17. Mandatory. On non-ARM systems, the platform MUST implement
the ability for a physically present user to select between two
Secure Boot modes in firmware setup: "Custom" and "Standard".
Custom Mode allows for more flexibility as specified in the
following:
1. It shall be possible for a physically present user to use the
Custom Mode firmware setup option to modify the contents of the
Secure Boot signature databases and the PK. This may be
implemented by simply providing the option to clear all Secure
Boot databases (PK, KEK, db, dbx) which will put the system into
setup mode.
2. If the user ends up deleting the PK then, upon exiting the
Custom Mode firmware setup, the system will be operating in
Setup Mode with SecureBoot turned off.
3. The firmware setup shall indicate if Secure Boot is turned
on, and if it is operated in Standard or Custom Mode. The
firmware setup must provide an option to return from Custom to
Standard Mode which restores the factory defaults. On an ARM
system, it is forbidden to enable Custom Mode. Only Standard
Mode may be enabled.
PK is the "platform key". It is the key used by the firmware to identify the platform owner, and is used by the platform owner to enroll the "key exchange key" (KEK). The KEK is used for the firmware and the operating system to establish a secure channel. DB is the database of authorized signatures and certificates. DBX is the database of banned signatures and certificates.
UEFI has two modes, "User Mode" and "Setup Mode". It is in User Mode when there is a PK enrolled, and in that mode the secure boot policy is enforced. When in Setup Mode, no secure boot policy is enforced, and PK, KEK, DB, and DBX are writeable without any authentication required.
In other words, in Setup Mode, you can put your own set of signatures and certificates in. You should be able to even put Microsoft's certificates and signatures in DBX and thus prevent people from installing Windows on your box. (Or, more practically, put Microsoft's keys in DB along with yours, so you can dual boot).
Also:
18. Mandatory. Enable/Disable Secure Boot. On non-ARM systems,
it is required to implement the ability to disable Secure Boot
via firmware setup. A physically present user must be allowed to
disable Secure Boot via firmware setup without possession of
PKpriv. A Windows Server may also disable Secure Boot remotely
using a strongly authenticated (preferably public-key based)
out-of-band management connection, such as to a baseboard
management controller or service processor. Programmatic
disabling of Secure Boot either during Boot Services or after
exiting EFI Boot Services MUST NOT be possible. Disabling Secure
Boot must not be possible on ARM systems.
[+] [-] beagle3|13 years ago|reply
iphone boot exploits, wii boot exploits, PS3 boot exploits have all been published freely mostly because they are very hard to capitalize on (these machines all have secure boot implementations, albeit not the UEFI one)
If UEFI secure boot exploits really protect against malware, they will be traded like 0-day exploits and will be worth a lot (I suspect it will be harder to update the firmware against these 0-days than running WindowsUpdate).
It's a landgrab; slow and cunning on the x86/AMD64, quick and merciless on the ARM. But it has a lot more to do with grabbing land than with end user security.
edit: drivebyacct2 claims that none of these 3 had security comparable with UEFI SecureBoot. I don't know enough to argue about that - my assumption is that it will be implementation flaws that will be exploited, rather than theoretical flaws. But I might be wrong.
[+] [-] seanp2k2|13 years ago|reply
"everything Stallman said was true"...and now it's happening on a huge scale.
[+] [-] cookiecaper|13 years ago|reply
[+] [-] mtgx|13 years ago|reply
[+] [-] Legion|13 years ago|reply
Maybe it's because this is from FSFE - the European counterpart.
[+] [-] gringomorcego|13 years ago|reply
[+] [-] jtsagata|13 years ago|reply
I personaly will never buy any machine, as soon as i can, as soon as it is still legal, with any "secure" feature. My machine is mine, not to the original manufacture, not to Microsoft or to Redhat or to anyone that believe that it is theirs. Even that i know that i live in a great democracy, i have nothing to hide, and my government is my good friend
[+] [-] jsmcgd|13 years ago|reply
What do you think?
[+] [-] Spoom|13 years ago|reply
The opposite is true of ARM, however.
[+] [-] knowaveragejoe|13 years ago|reply
[+] [-] fpgeek|13 years ago|reply
[+] [-] knowaveragejoe|13 years ago|reply
[+] [-] ajross|13 years ago|reply
Where's the urgency here? What makes this so important?
[+] [-] sukuriant|13 years ago|reply
[+] [-] Create|13 years ago|reply
http://blogs.technet.com/b/msrc/archive/2012/06/03/microsoft...
Not even to remember, that Mr. Sh. was in the random number selling and certification business in the first place. "I am what I am because of who we all are." -- VeriSign
[+] [-] jiggy2011|13 years ago|reply
I'm not sure that general purpose computers will die though, geeks and developers are a big enough market to support manufacturers creating systems that are more powerful and flexible.
Assuming that Virtual Machine software is not blocked, with good enough visualization software and fast enough hardware (enough RAM especially) running a Linux VM with Windows 8 may be indistinguishable from running it directly on the chip.
If the OS becomes just a way to bootstrap a browser or VM I'm not sure how important it is anyway?
[+] [-] yk|13 years ago|reply
The entire point of the secured boot process is, that you can only boot a signed kernel. And in the case of iOS today, the kernel will only load signed programs. (And a VM is against the App Store guidelines, as is a python interpreter). So there is no guarantee, that you will be allowed to run a VM on your secure boot machine.
[+] [-] rbanffy|13 years ago|reply
The benefit of breaking it and immediately gaining permanent undetectable access to every Windows-capable computer on the planet can offset a lot of cost.
[+] [-] recoiledsnake|13 years ago|reply
[+] [-] zokier|13 years ago|reply
[+] [-] ajross|13 years ago|reply
But what happens when someone screws up? I buy a laptop with a windows logo and try to install OpenBSD or whatnot, only to discover that the "disable secure boot" option is missing or broken. What's my recourse? Wait for a firmware update (which we know from experience will never arrive -- it boots fine in windows)? Return the laptop (which works perfectly within its warranted behavior)? Whine and look sad?
The incentives are all wrong for this to be a stable situation. Over time and platform changes, "disable secure boot" is going to rot. We all know it.
[+] [-] dlitz|13 years ago|reply
[+] [-] tzs|13 years ago|reply
The relevant parts for this discussion are:
PK is the "platform key". It is the key used by the firmware to identify the platform owner, and is used by the platform owner to enroll the "key exchange key" (KEK). The KEK is used for the firmware and the operating system to establish a secure channel. DB is the database of authorized signatures and certificates. DBX is the database of banned signatures and certificates.UEFI has two modes, "User Mode" and "Setup Mode". It is in User Mode when there is a PK enrolled, and in that mode the secure boot policy is enforced. When in Setup Mode, no secure boot policy is enforced, and PK, KEK, DB, and DBX are writeable without any authentication required.
In other words, in Setup Mode, you can put your own set of signatures and certificates in. You should be able to even put Microsoft's certificates and signatures in DBX and thus prevent people from installing Windows on your box. (Or, more practically, put Microsoft's keys in DB along with yours, so you can dual boot).
Also:
[+] [-] unknown|13 years ago|reply
[deleted]
[+] [-] bcl|13 years ago|reply
[+] [-] losethos|13 years ago|reply
[deleted]
[+] [-] iRobot|13 years ago|reply
[deleted]