Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Secure Boot Isn't So Secure After All: The Golden Key Is Out

Written by Michael Larabel in Microsoft on 11 August 2016 at 08:56 AM EDT. 52 Comments

MICROSOFT

So much for Secure Boot being so secure... After a mistake by Microsoft, the "golden key" is now out in the wild.

Microsoft itself accidentally leaked the "golden key" to Secure Boot so that theoretically users on any SecureBoot-enabled device can bypass this boot-time safety mechanism. This will make it easy to load Linux on more devices, but this leaked golden key is also beneficial to those dealing with boot/root-kits.

Earlier this year two researchers discovered the issue with the golden key being accidentally left in by Microsoft in some debugging tools. With that key, anyone can close the door on Secure Boot.

While these researchers were in contact with Microsoft the past few months, they've now launched the Secure Golden Key Boot site with details on the issue and how Microsoft managed to royally screw up. Go check out that site if you are curious about all of the technical details.

52 Comments

Related News

Microsoft Helping Out In Making The Linux Kernel Language More Inclusive

Microsoft Engineer Sends Rust Linux Kernel Patches For In-Place Module Initialization

Microsoft Enables DNS Tunneling By Default For WSL - More Reliable Networking

Microsoft Better Seeds The RNG For Hyper-V VMs In Linux 6.9

Microsoft's DirectX Shader Compiler Sees Improved Linux Build Support

Microsoft Rebranding CBL-Mariner Linux Distribution To "Azure Linux"

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Linus Torvalds Injects Tabs To Thwart Kconfig Parsers Not Correctly Handling Them

Linux 6.10 To Merge NTSYNC Driver For Emulating Windows NT Synchronization Primitives

Ubuntu Maker Canonical Announces New Collaboration With Qualcomm

Fedora 41 Looks To "-O3" Optimizations For Its Python Build

APT 2.9 Released: Debian's APT 3.0 To Have A New UI With Colors, Columnar Display & More

Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver

KDE's KWin Merges Wayland Explicit Sync Support

Gentoo Linux Now An SPI Project