"Microsoft’s Secure Boot has been broken for a decade and no one noticed until now"

Gödel

Storage is especially nice if it doesn't rotate
Joined
Nov 21, 2002
Messages
620
Location
Virginia
From https://arstechnica.com/security/20...oot-has-been-broken-for-most-of-its-existence:
An industry-wide standard Microsoft invented to protect Windows, and later Linux, devices from firmware infections has been trivial to bypass for 13 of its 14 years of existence. The discovery was made by researchers at security firm ESET after identifying 11 firmware images, at least one from 2013, that were known to be defective but remained signed by the software company anyway.​
The images are known as shims, which were invented to extend Secure Boot to Linux devices and utility software. Using a technique simple enough to be performed by novice hackers, these old, forgotten shims can be used to completely circumvent the protection, which is embedded into the UEFI (Unified Extensible Firmware Interface) of the device’s motherboard. The gaffe is the result of Microsoft, which oversees the signing of shims, failing to revoke the publicly available images once vulnerabilities were found in them.​
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,932
Location
I am omnipresent
A bunch of old UEFI keys expired last month. New ones come with Windows update. What do you do if you're not running Windows to get new keys? Fuck you, that's what. But anyone running Linux probably knows they can just turn it off in the first place and not hurt a damned thing, but major PC OEMs always ship systems with it on, so I'm sure at least some people have been impacted by old keys expiring.
 
Top