Announcement

Collapse
No announcement yet.

Secure Boot Isn't So Secure After All: The Golden Key Is Out

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Secure Boot Isn't So Secure After All: The Golden Key Is Out

    Phoronix: Secure Boot Isn't So Secure After All: The Golden Key Is Out

    So much for Secure Boot being so secure... After a mistake by Microsoft, the "golden key" is now out in the wild...

    http://www.phoronix.com/scan.php?pag...oot-Golden-Key

  • #2
    Wow, no one saw that one coming.

    And now for the serious part of this message. That linked site is terrible. It's really hard to read the whole thing when it's constantly moving. I get sick when trying to read in a moving car and the experience there was similar. Also, I'm glad modern browsers allow muting specific tabs.

    Comment


    • #3
      Originally posted by devius View Post
      Wow, no one saw that one coming.

      And now for the serious part of this message. That linked site is terrible. It's really hard to read the whole thing when it's constantly moving. I get sick when trying to read in a moving car and the experience there was similar. Also, I'm glad modern browsers allow muting specific tabs.
      Honest question: what's more terrible: Microsoft loosing the key, or that website? I vote the first.

      Comment


      • #4
        Well when secureboot first came out it was accused of being some giant conspiracy to stop PCs from ever running Linux.
        5 years later and dozens of easy successful Linux installs later [long before this hack was announced], that was obviously wrong.

        As for preventing boot-level malware, well the vast majority of malware has no need to ever get that low-level in the first place, so we're not really any less secure in the real-world than before secureboot showed up.

        In other news, I'd greatly like to see secureboot put onto every Android device in existence. I'd like the so-called "open" Android platform to be just as locked down as all those evil Microsoft PCs so I can actually put a real Linux distribution on it just like the supposedly "locked down" PCs.

        Comment


        • #5
          Originally posted by chuckula View Post
          Well when secureboot first came out it was accused of being some giant conspiracy to stop PCs from ever running Linux.
          5 years later and dozens of easy successful Linux installs later [long before this hack was announced], that was obviously wrong.

          As for preventing boot-level malware, well the vast majority of malware has no need to ever get that low-level in the first place, so we're not really any less secure in the real-world than before secureboot showed up.

          In other news, I'd greatly like to see secureboot put onto every Android device in existence. I'd like the so-called "open" Android platform to be just as locked down as all those evil Microsoft PCs so I can actually put a real Linux distribution on it just like the supposedly "locked down" PCs.
          So you're claiming that you can go out to the store, buy an ARM based computer running Windows RT, and just install some GNU/Linux distro on it? Well, now you can in any case.

          Also: the vast majority of malware never went that low level, but why fix a security issue when it appears, instead of preventing it?

          Comment


          • #6
            There is more details and script for installation: http://www.theregister.co.uk/2016/08...boot_ms16_100/

            Comment


            • #7
              Those who cannot remember the past are condemned to repeat it.
              I mean, look how well it worked for The One Ring.

              Comment


              • #8
                Originally posted by rubdos View Post

                So you're claiming that you can go out to the store, buy an ARM based computer running Windows RT
                I never said that people can go out and buy ARM based computer running Windows RT. In fact, nobody did, which is probably why they don't exist in stores anymore.

                I specifically mentioned PCs with the so-called "non-open" x86 architecture that is surprisingly open when it comes to real-world use and not fanboy forum posts.

                As for Windows RT devices that nobody bought being locked down or not locked down I look at it this way: If Microsoft copying Google is now bad, then what Google is doing in the first place should also be called bad. And since Google appears to have actually succeeded at doing the bad thing, Googles bad >>>>> Microsoft's bad.

                It's not 1998 anymore, learn to adapt to the times.

                Comment


                • #9
                  It was bound to happen sooner or later…

                  Comment


                  • #10
                    Hmm, looks like no problem in my case. It's only microsoft's key. I removed M$ key from UEFI and entered my own. Just need to run one signing script on every grub update (which doesn't happen often).

                    Comment

                    Working...
                    X