Forgot your password?
typodupeerror

Comment: Re: SecureBOOT not secure (Score 2) 94

by Sam Cornwell (#46526089) Attached to: Security Industry Incapable of Finding Firmware Attackers
You're conflating a lot of things.

-Secure boot is a UEFI protocol not a Windows 8 feature
-UEFI secure boot is part of Windows 8 secured boot architecture
-Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
-OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
-Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows

Above is from http://blogs.msdn.com/b/b8/arc... with some modifications.

In the Intel reference UEFI implementation I have used, I could easily add and remove keys and customize it to implement the trust policy I wanted. This is up to your OEM to implement these features, nothing to do with Microsoft. For their certification program, Microsoft *requires* that SecureBoot is disableable and that the secureboot policy (list of trusted signatures) is customizable by a physically-present user. People whining that they can't install Linux on their systems because of Microsoft have no idea what they are talking about.

Comment: Re:Use a jumper (Score 1) 94

by Sam Cornwell (#46525487) Attached to: Security Industry Incapable of Finding Firmware Attackers
Yeah that's basically right. UEFI specifies the need for the storage of non-volatile variables for some configuration or metadata (which can be modified from admin userland as you said). All of the BIOSes I've seen have used the flash chip itself to store this data, therefore the chip must be modifiable and a jumper would not work with these designs. There are mechanisms that can be used to allow writability of certain regions of the chip, but often they are not used. Even when they are used, there are still bugs.

+ - Security Industry Incapable of Finding Firmware Attackers->

Submitted by BIOS4breakfast
BIOS4breakfast (3007409) writes "Research presented at CanSecWest has shown that despite the fact that we know that firmware attackers, in the form of the NSA, definitely exists, there is still a wide gap between the attackers' ability to infect firmware, and the industry's ability to detect their presence. The researchers from MITRE and Intel showed attacks on UEFI SecureBoot, the BIOS itself, and BIOS forensics software. Although they also released detection systems for supporting more research and for trustworthy BIOS capture, the real question is, when is this going to stop being the domain of research and when are security companies going to get serious about protecting against attacks at this level?"
Link to Original Source

They laughed at Einstein. They laughed at the Wright Brothers. But they also laughed at Bozo the Clown. -- Carl Sagan

Working...