MS leaked the "golden keys" that unlock Windows-powered devices sealed by Secure Boot

 
FUCK THE MACHINE
User ID: 69844010
United Kingdom
08/11/2016 08:18 AM
Ok here's the cliff-notes:
www.theregister.co.uk/2016/08/10/microsoft_secure_boot_ms16_100/


From the developers themselves:
(Slipstream + MY123...)
The "supplemental" policy does NOT contain a DeviceID. And, because they were meant to be merged into a base policy, they don't contain any BCD rules either, which means that if they are loaded, you can enable testsigning. Not just for windows (to load unsigned driver, i.e. rootkit), but for the {bootmgr} element as well, which allows bootmgr to run what is effectively an unsigned .efi (i.e. bootkit)!!! (In practice, the .efi file must be signed, but it can be self-signed) You can see how this is very bad!! A backdoor, which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere!


NB: wonder if TPTB use this to get rootkits onto YOUR windoze machine???
Anonymous Coward
User ID: 70837898
Finland
08/11/2016 08:21 AM
So, does it mean I can install Linux on Secure Boot systems that came with a pre-installed Windows 10?
Anonymous Coward
User ID: 63444365
United States
08/11/2016 08:23 AM
So, does it mean I can install Linux on Secure Boot systems that came with a pre-installed Windows 10?
 Quoting: Anonymous Coward 70837898


Sorry, no
Anonymous Coward (OP)
User ID: 69844010
United Kingdom
08/11/2016 08:33 AM
------------------------------------------------
So, does it mean I can install Linux on Secure Boot systems that came with a pre-installed Windows 10?

-------------------------------------------------


I would think it will work for Windows 10 machines! - Details:
The policy is universal; it is not tied to any particular architecture or device. It works on x86 and ARM, on anything that uses the Windows boot manager. Technically speaking, it is a supplemental policy: it's supposed to be merged with other Secure Boot policies, but you can use it as a main policy to switch off signature checks.




[link to rol.im (secure)]
...
During the development of Windows 10 v1607 'Redstone', MS added a new type of secure boot policy. Namely, "supplemental" policies that are located in the EFIESP partition (rather than in a UEFI variable), and have their settings merged in, dependent on conditions (namely, that a certain "activation" policy is also in existence, and has been loaded in).

Redstone's bootmgr.efi loads "legacy" policies (namely, a policy from UEFI variables) first. At a certain time in redstone dev, it did not do any further checks beyond signature / deviceID checks. (This has now changed, but see how the change is stupid) After loading the "legacy" policy, or a base policy from EFIESP partition, it then loads, checks and merges in the supplemental policies. See the issue here? If not, let me spell it out to you plain and clear. The "supplemental" policy contains new elements, for the merging conditions. These conditions are (well, at one time) unchecked by bootmgr when loading a legacy policy. And bootmgr of win10 v1511 and earlier certainly doesn't know about them. To those bootmgrs, it has just loaded in a perfectly valid, signed policy.

The "supplemental" policy does NOT contain a DeviceID. And, because they were meant to be merged into a base policy, they don't contain any BCD rules either, which means that if they are loaded, you can enable testsigning. Not just for windows (to load unsigned driver, i.e. rootkit), but for the {bootmgr} element as well, which allows bootmgr to run what is effectively an unsigned .efi (i.e. bootkit)!!! (In practice, the .efi file must be signed, but it can be self-signed) You can see how this is very bad!! A backdoor, which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere!
Anonymous Coward
User ID: 70438231
United States
08/11/2016 08:36 AM
great...so every 3 year old that can read can now fry my computer...




