{"id":62611,"date":"2024-07-25T14:00:10","date_gmt":"2024-07-25T18:00:10","guid":{"rendered":"http:\/\/pappp.net\/?guid=ece1ca7929bde5e6a9005544be4cf400"},"modified":"2024-07-25T14:00:10","modified_gmt":"2024-07-25T18:00:10","slug":"secure-boot-is-completely-broken-on-200-models-from-5-big-device-makers","status":"publish","type":"post","link":"https:\/\/pappp.net\/?p=62611","title":{"rendered":"Secure Boot is completely broken on 200+ models from 5 big device makers"},"content":{"rendered":"<p class=\"syndicated-attribution\">Source: <a href=\"https:\/\/arstechnica.com\/?p=2039140\">Ars Technica<\/a><\/p>\n<div style=\"background-color : #fff7d5;\n\t\t\tborder-width : 1px; padding : 5px; border-style : dashed; border-color : #e7d796;margin-bottom : 1em; color : #9a8c59;\">Article note: The PKI situation with SecureBoot has always been weird, but it grows ever more bullshit. \nThe trust roots don't really make sense except in an enabling-anticompetitive-behavior sort of way, there isn't really any meaningful revocation mechanism, and there can't be without ...internet connected firmware that might effectively brick systems, and the necessary shimming support to eventually run arbitrary unsigned software makes the whole model feeble, and... \nThe only mode it makes sense in is the \"I'm signing my immutable system image with my own signing key which is the only enrolled key on a system\" context and... 
that's neither possible on most firmwares nor a configuration I've ever heard of anyone using outside of an experimental context.<\/div><div>\n<figure>\n  <img src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/10\/rootkit-800x533.jpg\" alt=\"Secure Boot is completely broken on 200+ models from 5 big device makers\" referrerpolicy=\"no-referrer\" loading=\"lazy\"\/>\n      <p><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2020\/10\/rootkit.jpg\" rel=\"noopener noreferrer\">Enlarge<\/a> (credit: sasha85ru | Getty Images)<\/p>  <\/figure>\n\n\n\n\n\n\n<div><a name=\"page-1\"><\/a><\/div>\n<p>In 2012, an industry-wide coalition of hardware and software makers adopted <a href=\"https:\/\/uefi.org\/press-release\/UEFI_Forum_Releases_UEFI_2.3.1_Specification_Update_and_Schedules_July_3_2012\" rel=\"noopener noreferrer\">Secure Boot<\/a> to protect against a long-looming security threat. The threat was the specter of malware that could infect the BIOS, the firmware that loaded the operating system each time a computer booted up. From there, it could remain immune to detection and removal and could load even before the OS and security apps did.<\/p>\n<p>The threat of such BIOS-dwelling malware was largely theoretical and fueled in large part by the creation of <a href=\"https:\/\/blog.csdn.net\/icelord\/article\/details\/1604884\" rel=\"noopener noreferrer\">ICLord Bioskit<\/a> by a Chinese researcher in 2007. ICLord was a <a href=\"https:\/\/en.wikipedia.org\/wiki\/Rootkit\" rel=\"noopener noreferrer\">rootkit<\/a>, a class of malware that gains and maintains stealthy root access by subverting key protections built into the operating system. The proof of concept demonstrated that such BIOS rootkits weren't only feasible; they were also powerful. 
In 2011, the threat became a reality with the discovery of <a href=\"https:\/\/www.theregister.com\/2011\/09\/14\/bios_rootkit_discovered\/\" rel=\"noopener noreferrer\">Mebromi<\/a>, the first-known BIOS rootkit to be used in the wild.<\/p>\n<p>Keenly <a href=\"https:\/\/uefi.org\/sites\/default\/files\/resources\/UEFI_Plugfest_2011Q4_P5_Insyde.pdf\" rel=\"noopener noreferrer\">aware of Mebromi<\/a> and its potential for a devastating new class of attack, the Secure Boot architects hashed out a complex new way to shore up security in the pre-boot environment. Built into UEFI&mdash;the Unified Extensible Firmware Interface that would become the successor to BIOS&mdash;Secure Boot used <a href=\"https:\/\/en.wikipedia.org\/wiki\/Public-key_cryptography\" rel=\"noopener noreferrer\">public-key cryptography<\/a> to block the loading of any code that wasn&rsquo;t signed with a pre-approved digital signature. To this day, key players in security&mdash;among them&nbsp;<a href=\"https:\/\/www.microsoft.com\/en-us\/surface\/do-more-with-surface\/what-is-secure-boot\"  rel=\"noopener noreferrer\">Microsoft<\/a>&nbsp;and the&nbsp;<a href=\"https:\/\/media.defense.gov\/2020\/Sep\/15\/2002497594\/-1\/-1\/0\/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF\/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF\"  rel=\"noopener noreferrer\">US National Security Agency<\/a>&mdash;regard Secure Boot as an important, if not essential, foundation of trust in securing devices in some of the most critical environments, including in industrial control and enterprise networks.<\/p><\/div><p><a href=\"https:\/\/arstechnica.com\/?p=2039140#p3\" rel=\"noopener noreferrer\">Read 36 remaining paragraphs<\/a> | <a href=\"https:\/\/arstechnica.com\/?p=2039140&amp;comments=1\" rel=\"noopener noreferrer\">Comments<\/a><\/p>","protected":false},"excerpt":{"rendered":"<p>Enlarge (credit: sasha85ru | Getty Images)  <\/p>\n<p>In 2012, an industry-wide coalition o&#8230;<\/p>\n<p> <a 
href=\"https:\/\/pappp.net\/?p=62611\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[226],"tags":[],"class_list":["post-62611","post","type-post","status-publish","format-standard","hentry","category-news-2"],"_links":{"self":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/62611","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=62611"}],"version-history":[{"count":0,"href":"https:\/\/pappp.net\/index.php?rest_route=\/wp\/v2\/posts\/62611\/revisions"}],"wp:attachment":[{"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=62611"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=62611"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pappp.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=62611"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}