Monday, August 15, 2016

Microsoft Leaks Its Golden Key

Daniel Eran Dilger:

Microsoft has demonstrated why the FBI’s desire for “Golden Key” backdoors allowing “good guys” to bypass security is such a bad idea: it inadvertently released its own keys to Windows tablets, phones, HoloLens and other devices using UEFI Secure Boot.

Tom Mendelsohn (via Bruce Schneier):

Secure Boot works at the firmware level, and is designed only to allow an operating system signed with a key certified by Microsoft to load. It can be disabled on many desktops, but on most other Windows devices, it’s hard-coded in. The golden key policy seems to have been designed for internal debugging purposes, to allow OS signature checks to be disabled, apparently so programmers can test new builds. In practice, it could well open up Microsoft’s tablets and phones to serious attacks.

[…]

Microsoft has now responded to the Secure Boot blooper.

The company said: “The jailbreak technique described in the researchers’ report on August 10 does not apply to desktop or enterprise PC systems. It requires physical access and administrator rights to ARM and RT devices and does not compromise encryption protections.”

Matthew Garrett:

Unfortunately older versions of the boot loader will happily load a supplementary policy as if it were a full policy, ignoring the fact that it doesn’t include a device ID. The loaded policy replaces the built-in policy, so in the absence of a base policy a supplementary policy as simple as “Enable this feature” will effectively remove all other restrictions.

Unfortunately for Microsoft, such a supplementary policy leaked. Installing it as a base policy on pre-Anniversary Edition boot loaders will then allow you to disable all integrity verification, including in the boot loader. Which means you can ask the boot loader to chain to any other executable, in turn allowing you to boot a compromised copy of any operating system you want (not just Windows).

ole man:

I can still remember a time when the ability to install any software on your very own computer wasn’t considered to be a “bug” or a “vulnerability”.

Previously: FBI Asks Apple for Secure Golden Key.
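
The policy-loading flaw Matthew Garrett describes above can be modelled in a few lines. This is an added example, not code from the post or from Microsoft's boot loader: the struct fields, flag names and sample policies are hypothetical, and the hardened check is an assumed fix (a base policy must carry a matching device ID).

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model: field and flag names are hypothetical, not the real policy format. */
enum { ENFORCE_SIGNATURES = 1, ALLOW_TEST_SIGNING = 2 };

struct policy {
    bool     vendor_signed;   /* signature check already passed */
    bool     has_device_id;   /* only base policies are bound to a device */
    uint64_t device_id;
    uint32_t flags;           /* a supplementary policy lists only what it enables */
};

/* Constructed sample policies. */
static const struct policy BUILTIN     = { true, false, 0,      ENFORCE_SIGNATURES };
static const struct policy LEAKED_SUPP = { true, false, 0,      ALLOW_TEST_SIGNING };
static const struct policy DEVICE_BASE = { true, true,  0x1234, ENFORCE_SIGNATURES | ALLOW_TEST_SIGNING };

/* Older loader: any validly signed policy in the base slot replaces the built-in one. */
uint32_t legacy_load(const struct policy *p)
{
    if (p && p->vendor_signed)
        return p->flags;              /* the missing device ID is never noticed */
    return BUILTIN.flags;
}

/* Hardened loader (assumed fix): a base policy must name this device. */
uint32_t hardened_load(const struct policy *p, uint64_t this_device)
{
    if (p && p->vendor_signed && p->has_device_id && p->device_id == this_device)
        return p->flags;
    return BUILTIN.flags;             /* reject it and keep the built-in restrictions */
}

bool signatures_enforced(uint32_t flags)
{
    return (flags & ENFORCE_SIGNATURES) != 0;
}

int main(void)
{
    printf("legacy, supplementary as base:   enforced=%d\n", signatures_enforced(legacy_load(&LEAKED_SUPP)));
    printf("hardened, supplementary as base: enforced=%d\n", signatures_enforced(hardened_load(&LEAKED_SUPP, 0x1234)));
    printf("hardened, device-bound base:     enforced=%d\n", signatures_enforced(hardened_load(&DEVICE_BASE, 0x1234)));
    return 0;
}
```

The signature on the supplementary policy is valid in both cases; the difference is only whether the loader checks that the policy is the kind of policy it is being used as.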
