Microsoft has inadvertently demonstrated the intrinsic security problem of including a universal backdoor in its software after it accidentally leaked its so-called “golden key” – which allows users to unlock any device that’s supposedly protected by Secure Boot, such as phones and tablets.
The key basically allows anyone to bypass the provisions Microsoft has put in place ostensibly to prevent malicious versions of Windows from being installed, on any device running Windows 8.1 and upwards with Secure Boot enabled.
I am out of snarky remarks. Yes, it’s possible.
And I say “No duh!” Obviously Windows has a back door; that’s exactly what the government wanted in exchange for not breaking Microsoft into two discrete companies back in the late 90s when they were found guilty of anti-trust and monopoly practices. Of course all of that went quietly away without explanation. But we all know the real reasons. My advice is to NOT use Windows, or MacOS, which has been similarly compromised.
Edited 2016-08-12 01:00 UTC
SecureBoot has little to do with the ability of the FBI to break into encrypted devices, so I don’t think this one is about that.
SecureBoot is now broken because there is a non-changeable golden key that is now public.
The reason this is relevant to the FBI case, or to “nonononono to backdoors” is because it is clear that the parties that have the responsibility to keep such global keys secret don’t manage to keep them secret and as a result the entire security feature is broken.
Luckily SecureBoot was only a tiny (but useful) security layer that basically guaranteed that you were running an OS that was trustworthy. With this security layer now basically no longer trustworthy, Windows is just as insecure on that layer as pre-SecureBoot devices like XP (and older Linux).
The good news is that this might open up more modding opportunities.
(and none of this has anything to do with a government backdoor and splitting up Microsoft for all the obvious reasons like “SecureBoot didn’t even exist at that time”)
With or without the FBI, and whatever the reasons for this, this was always going to happen. A system of implied ‘trust’ like this was never going to work. Developers would always need test keys, ways of progressively turning it off for testing, and all those other ways you can drive an eighteen-wheeler through this.
The problem I have with this, and have had since the idea of ‘Trusted’ and ‘Trustworthy’ computing came up, is the idea of implied trust if something follows a policy and is signed by something. If something malicious gets signed and accepted by this system then it is even worse, because the general assumption of untrustworthiness no longer exists.
That is exactly the problem with this.
Technology that tries to make things better but fails often makes things much worse. That doesn’t mean we should get rid of such technologies. It means we should expect such technologies to fail from the beginning and have safeguards in place for that.
The whole https/ssl/certificate idea is great, but then DigiNotar happened. That didn’t mean certificates instantly became useless, because there was a mechanism in place for retracting those certificates. There isn’t really a mechanism to fix SecureBoot except MAYBE BIOS/UEFI updates for all machines, which will not happen, as experience has taught us.
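The DigiNotar comparison in the post above (certificates survived a leaked signer because they can be retracted; a fixed Secure Boot key cannot) is easier to see in a running model. The following is an added example, not code from this thread or from Microsoft's or any firmware vendor's implementation. It models a firmware trust store with an allow list and a revocation list, leaks a developer test key, and shows that revocation restores safety only when the trust store is updatable. The signer names, image bytes and the HMAC-SHA256 stand-in for real public-key signatures are all constructed assumptions; real Secure Boot keeps X.509 certificates and RSA signatures in the UEFI db/dbx variables.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed keys. HMAC-SHA256 stands in for the firmware's signature check
# so the model runs on the standard library alone; it is not the real scheme.
VENDOR_KEY = b"constructed-vendor-signing-key"
TEST_KEY = b"constructed-developer-test-key"


@dataclass
class TrustStore:
    """Firmware-side trust state: allowed signers and a revocation list."""
    allowed: dict                                # signer id -> key (db-like)
    revoked: set = field(default_factory=set)    # signer ids (dbx/CRL-like)
    updatable: bool = True                       # False: hard-coded, fixed keys


def sign(key: bytes, image: bytes) -> bytes:
    """Produce the stand-in signature over a boot image."""
    return hmac.new(key, image, hashlib.sha256).digest()


def verify_boot_image(store: TrustStore, image: bytes, signer: str, sig: bytes) -> str:
    """Return 'ok' or the reason the firmware would refuse to boot the image."""
    if signer in store.revoked:
        return "signer revoked"
    key = store.allowed.get(signer)
    if key is None:
        return "unknown signer"
    if not hmac.compare_digest(sign(key, image), sig):
        return "bad signature"
    return "ok"


def revoke(store: TrustStore, signer: str) -> bool:
    """Add a signer to the revocation list; impossible when the store is fixed."""
    if not store.updatable:
        return False
    store.revoked.add(signer)
    return True


def leaked_test_key_scenario(updatable: bool) -> dict:
    """Walk through a test-key leak with and without a revocation mechanism."""
    store = TrustStore({"vendor": VENDOR_KEY, "test": TEST_KEY}, updatable=updatable)
    production = b"constructed production kernel image"
    tampered = b"constructed kernel image with malware"

    prod_sig = sign(VENDOR_KEY, production)
    # Whoever holds the leaked test key can sign any image they like.
    tampered_sig = sign(TEST_KEY, tampered)

    result = {
        "production_before": verify_boot_image(store, production, "vendor", prod_sig),
        "tampered_before": verify_boot_image(store, tampered, "test", tampered_sig),
    }
    # The vendor's only recovery option is to revoke the leaked signer.
    result["revocation_applied"] = revoke(store, "test")
    result["production_after"] = verify_boot_image(store, production, "vendor", prod_sig)
    result["tampered_after"] = verify_boot_image(store, tampered, "test", tampered_sig)
    return result


if __name__ == "__main__":
    for updatable in (True, False):
        print("updatable trust store" if updatable else "fixed trust store")
        for step, outcome in leaked_test_key_scenario(updatable).items():
            print(f"  {step}: {outcome}")
```

With an updatable store the tampered image boots until the test signer is revoked, after which production images still verify and the tampered one is refused. With a fixed store the revocation call fails and the tampered image keeps booting, which is the situation the post describes for a leaked, non-changeable key.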
“that you were running an OS that was trustworthy”
An OS self-promoted as trustworthy, yet featuring a backdoor, is anything but trustworthy to me.
It’s just a problem of definition.
SecureBoot was a way to say “this OS hasn’t been modified from the moment that you trusted it”. It never had anything to do with the reality of that OS being any good.
(swallows comparison with marital trust)
But Secure Boot is not even about security, definitely. Paraphrasing Ballmer: It’s a teratoma.
[At times think it was put down there to hide what could no longer be shamelessly exposed at the code].
It has teeth and hair, but is unable to bite or scare. It just made the user experience more miserable.
“…Computers are tuned to perform a certain [class of] task[s]…”, As allanregistros said.
Think Acorn>ARM strategy is the best on short term: An extremely simple, verified and hardened CPU dedicated not to all present and future dangers, but simply at defending and managing OS self-identity.
‘Zombie’ wars?
SecureBoot was NEVER about YOU trusting the computer (to be malware free), it was about COMPANIES trusting the computer to be piracy free. It told MS that your version of Windows was paid for – it told Sony-BMG that your music was paid for and not used in ways they don’t like.
Complete nonsense, because you can still run Windows unactivated or play whatever illegal MP3 you want.
SecureBoot does nothing at the application layer.
avgalen,
Actually I think he’s right. You’re thinking about media that’s already been cracked, but Microsoft and the media companies are thinking about how to use DRM on new media that they have yet to release.
You and I might think it’s ultimately futile, but it doesn’t prevent them from trying to do it.
This is just making guesses about the future. I was responding to what JFL65 actually said, which was about the past/current situation.
SecureBoot hasn’t prevented me from playing any of my media, legal or illegal.
Microsoft changed the activation process of Windows 10 to also accept Win7 and 8 keys to make upgrading/clean-installing easier. None of that had anything to do with SecureBoot.
SecureBoot is not about anti-piracy and it isn’t going to be.
avgalen,
Obviously DRM isn’t supposed to prevent you from playing your media, it IS supposed to prevent you from copying it however.
One of the ways they were doing this with Vista was to add numerous tilt bits into the kernel to disable playback features including high-def audio and video when they detected owner modifications or uncertified drivers:
http://www.digplanet.com/wiki/Protected_Media_Path
MS has defended its practice even though sometimes it degraded the user’s own content:
http://www.pcworld.com/article/135814/article.html
Despite the DRM protections, there were a slew of hacks, some that operated on the media files directly, and others that broke into the kernel:
https://www.engadget.com/2007/01/29/windows-vista-protected-media-pa…
The owner’s ability to alter the bootloader represented a fundamental weakness to Microsoft’s DRM ambitions. As long as owners control the bootloader, they could modify the Windows kernel. Microsoft needed a way to prevent the owners from tampering with the boot sequence on their machines – even if it meant they couldn’t boot other operating systems (which would be another perk for Microsoft). So Secure Boot was born with the purpose of taking the owner out of control while being sold as a security feature to block malware. However, the truth is that if it were strictly intended for the latter and not the former, then owners would not be at the same level as malware, and it would have been designed to keep the owners in control.
Edit: I’m not claiming its effectiveness, but it is a critical part of Microsoft’s DRM effort, which has been going on for years.
Edited 2016-08-15 14:19 UTC
Me:
This is very clearly your own opinion and not a fact. It is also the basis of our disagreement. You are in the “Microsoft is evil” camp while I am in the “Microsoft’s commercial department does too many evil things but their developers are okay” camp. And yes, I see myself as more nuanced than I see others, but in your last few comments you are becoming less nuanced and actually ignore what I write and instead put direct contradictions as facts, for example:
me: Microsoft is a big promoter and user of SecureBoot and they surely influenced the design, but I don’t think they are as influential as you think
you: Microsoft…not influential…+1 for originality
The very next sentence after I say that Microsoft influenced the design you pretend I say they weren’t influential. That is not the level of discussion I got used to from you.
BIOS was going to be replaced with EFI. EFI was going to have much more connection to the OS so EFI and OS needed to be secured from each other. SecureBoot was made for that purpose. TPM WAS actually much more geared towards DRM than SecureBoot was.
Of course there is a link between SecureBoot and DRM/Protected_Path, but not a very strong one. On all my company’s (PC) hardware I, the user, can disable SecureBoot, and it even looks like I could add my own keys if I ever had a need for that.
Well, even you admitted that they would enforce it if they could get away with it. Just look at how much technology has closed up in the past 10 years, do you want to see the trend continue for another 10 years? It’s up to us to speak up against owner restricting technology every single time, otherwise we’re going to wake up one day and unlocked general purpose PCs are going to be a privilege rather than the norm that they used to be.
“…SecureBoot … was about COMPANIES trusting the computer to be piracy free.” There it is, you said it, JFL65.
You’re being paranoid. MS hired a lot of lobbyists and started making donations to politicians. That is why they weren’t broken up.
Or, an even more benign explanation actually supported by fact and evidence:
The Bush administration replaced the Clinton administration during negotiations for sentencing, and the already pro-business, anti-government regulation party and administration in charge decided they didn’t want to put the screws to a large source of campaign contributions.
Great news for liberty minded people of the world!
It has been suggested the reason is simply being stupidly lazy: they thought it’s easier to implement a global backdoor in every single customer device instead of building an in-house deployment server for generating SecureBoot certificates for development builds of Windows.
At least that’s what has been suggested: Microsoft wanted to make it easier for their devs to install an unsigned developer build of the OS on a developer device. I might have picked another solution for achieving easier developer experience.
Edited 2016-08-12 07:24 UTC
We have seen it time and time again: There are great intentions, bumps along the road, mistakes made, and in the end a good idea falls to pieces. I like the message in the Ars article: People that want golden keys and expect them to stay hidden…that don’t work, y’all!
Also, props for Alfman in http://www.osnews.com/thread?632720
avgalen,
Thanks, given how that discussion was going, I thought you disagreed with me, haha.
I disagreed with you and others about the intent of Microsoft with SecureBoot and the “Microsoft is trying to lock us out of our own computers” atmosphere that was going on in that topic. I agreed with you on most of the technical aspects.
(I did disagree with DarkNexus about basically everything but although such things still bother me I have mostly learned not to feed the trolls)
Final P.S. about that previous topic: You seemed to not understand my point “if Microsoft would ever make it required to disallow disabling SecureBoot, that would kill their entire ecosystem and their own devices”. My point was that if SecureBoot=Enabled were required, none of the current systems on the market (including Surface Pros) would fit that requirement, so Windows would essentially only be allowed to run on new devices…which would never be accepted, so the whole ecosystem would collapse.
I think you missed everyone else’s point however, they wouldn’t disqualify themselves. They would simply make it required for all future devices. We saw this with SecureBoot’s inception in the first place and Windows 8; your current machine didn’t have to have SecureBoot, but all future machines you buy now have it, do they not?
You call me a troll. You’re entitled to your opinion on that. I call you too trusting, and I’m entitled to my opinion on that. That about clears it up, I’d say.
I didn’t miss this point, because that wouldn’t work. If they would say “In order for a machine to receive a Certified for Windows 10 1608 and up, SecureBoot can no longer be disabled”, the OEMs would say “no way, because most Enterprises still run Windows 7 and that cannot run on such machines”. The reason all machines that are sold now have SecureBoot is because it gives power to the OEM while providing a benefit to the consumer. That is also the reason SecureBoot is not only supported by Microsoft but also on OSX and Linux.
There is a whole lot wrong with SecureBoot but the idea behind it wasn’t nefarious and so far it has protected users (while annoying power users, as is often the case with security)
avgalen,
Oh boy, haha. I’m in a good mood today, I’d buy the two of you a round of beers and we could get over it, eh?
Edited 2016-08-12 20:29 UTC
Yes, it would certainly align with what Microsoft wants, but lots of Enterprise machines are still shipped with Windows 7. Microsoft isn’t the only one in control here. OEMs, customers and other parties have quite some pull.
avgalen,
None of those parties have been able to legally buy/sell retail copies of Windows 7 in nearly 3 years because Microsoft makes the rules.
https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fac…
As for OEM copies that are pre-installed, restrictions aren’t really relevant at all because all hardware is going to be certified & compatible with whatever version of windows it comes with: win7, 8, or 10. If it wasn’t clear before, let me state it outright: to enforce secure boot, they’d have to do it with new hardware and supported operating systems from that point forward. You seem to imply that they can’t do it retroactively, but that’s a given.
Edited 2016-08-15 07:06 UTC
No, those restrictions ARE relevant because currently OEMs are selling machines with Windows 7 preinstalled and certified that are also certified for Windows 10. OEMs and Enterprises love that they can do this because it allows businesses to buy a new machine now that is guaranteed to work with their current software while allowing future migrations. If Microsoft had made locked SecureBoot a requirement, the OEMs and Enterprises would have pushed back, and they have a lot of power.
Basically I am saying “If Microsoft was the ruler of the Universe everyone would be on Windows 10 with locked SecureBoot. Luckily we don’t live in that world so SecureBoot by default but OEM/user configurable is the compromise that works well”
Edited 2016-08-16 10:29 UTC
“…I disagreed with you and others about the intent of Microsoft with SecureBoot and the ‘Microsoft is trying to lock us out of our own computers’…”.
A very serious issue, and I’ve been just sarcastic about it until now.
Ownership is vital. And yes, it’s about trust, sadly. At least given the reality of our actual hardware|firmware mess.
Here decisions probably had to be taken. We know that Google has [or is openly fighting for] full ownership of the stack. Apple is already past that bridge.
Like most of you, I don’t like at all the actual trajectory of this industry. My computers are not mine anymore. And computers are powerful, for good or bad. I don’t trust them anymore.
I trust almost all of my tools, but not my computers. And I’m extremely sad about that.
I grew up with this huge promise. I spent a great amount of my life learning to use them. And it is precisely this knowledge that is yelling at me not to trust them anymore.
The saying goes that as we are unable to protect ourselves from the risks of the world, then they are going to protect us, by taking charge.
The saying is about to be the same about cars [the driver is the weakest and most error-prone part of the equation].
My point is: It is their show, and they are deliberately fixing everything to keep us falling down.
So They say: just sit down and watch, and listen. We’ll manage. Enjoy.
This is so wrong at so many levels. Castrating, unempowering, fragilizing an ecosystem with the intent to hyperexploit it, wasting a technology as a cultural tool, etc. etc.
They can say: If you don’t like this show… But it is cartel handled. Gosh!
So what are hardware manufacturers going to do then? Are they going to remove that now compromised *feature* from their BIOS? I’m looking forward to replacing my 8 year old PC. And I’m just wondering if I could skip this entire BS.
Somehow I bet they are going to launch a “new improved, Securer boot” and make it mandatory plus non-disableable.
You developer have ‘whatever’ resources unlocked. No copyright policies messing up.
This is a copyright scandal, not a security one.
Render devices to a pre-UEFI era. Are all those ones security compromised?
Hi,
I saw “Microsoft’s golden key” and got my hopes up. I wanted it to be their secure boot platform key (the one used to sign boot loaders).
Sadly, it’s not – it’s more like a bronze key that can disable secure boot on some of Microsoft’s vibrators.
– Brendan
My naive expectation was to provide for myself, and for those I got to come aboard, a small amount of the power that Governments, Universities and Corporations had at their disposal inside their data centers.
Those little, cute mainframe emulators promised a lot. And here we are now, confronting pieces of hardware more akin to arrogant 21st-century versions of cable boxes.
Tremendously intrusive of our privacy, besides.
Don’t feel any need to code above these ‘nouveau cable boxes’. This hardware belongs to the matrix.