M$’s InSecure Boot

“Microsoft has accidentally leaked the keys to the kingdom, permitting attackers to unlock devices protected by Secure Boot — and it may not be possible to fully resolve the leak.
 
The design flaw in the Windows operating system can be used to unlock Windows devices, including smartphones and tablets, which are otherwise protected by Secure Boot in order to run operating systems other than Windows on locked down systems.”
 
See Microsoft Secure Boot key debacle causes security panic
See what a colossal failure relying on a single source of supply for software is? The world did back-flips to do things M$’s way and is rewarded with built-in backdoors to the world’s IT. M$’s way of doing things is often the worst possible way. I recommend using Debian GNU/Linux just to be different from M$’s slaves who are the number one big fat target of bad guys on the Internet.

About Robert Pogson

I am a retired teacher in Canada. I taught in the subject areas where I have worked for almost forty years: maths, physics, chemistry and computers. I love hunting, fishing, picking berries and mushrooms, too.
This entry was posted in technology and tagged , , , , , , . Bookmark the permalink.

7 Responses to M$’s InSecure Boot

  1. oiaohm says:

    This bug report is about a spurious message being displayed on boot telling users that the system is Booting in insecure mode when no message should be displayed.
    Lie the bug report is that you can boot something unsigned in secureboot mode without displaying message at all.

    Arnulfo Ellinger what don’t want to accept that Microsoft managed to stuff it completely up. Windows RT devices don’t display message booting in insecure mode they just don’t boot at all and play dead if they hit anything that does not pass secureboot.

  2. This bug report is about a spurious message being displayed on boot telling users that the system is Booting in insecure mode when no message should be displayed.

  3. Finalzone says:

    dougman,
    Considering the popularity of those Linux companies and the request from their clients to support such devices and these manufacturers bundle such with secure boot enabled, can you do better?
    The decision from those Linux companies were pragmatic and close to the reality.

  4. oiaohm says:

    The question I have how bad is this screw up.
    http://www.rodsbooks.com/efi-bootloaders/controlling-sb.html#keytool
    Will it allow keytool to replace the PK and the KEK to lock Microsoft out of these platforms once and for all.

  5. ote says:

    Two things:

    1) This and the way Delta’s M$ systems are all screwed up is yet more reasons to not trust Microsoft with enterprise and/or cloud computing.

    2) this is an excellent nail in the coffin against Govt spooks that want weak encryption, supporting, for the one time I agree with them, Apple’s contention that master keys to intentionally weakened encryption will inevitably leak to the black-hat community making it a mess for all. And it’s not like the strong encryption algorithms aren’t already 1) in the public domain (e.g. published), 2) can be re-written/implemented in software, and 3) run on open-architecture hardware (e.g. ARM or other open- and trusted-foundry designs as opposed to intel’s i-series). It just making having secure locks inconvenient to user community and there collectively makes things less secure for all….

  6. dougman says:

    And to think, the Linux companies that paid M$ for the privilege, just got kicked in the nuts.

  7. Agent Smith says:

    Excellent, I always knew locked boot was a sham, just to avoid Linux. Now, we can install Linux everywhere!!!

Leave a Reply