• dan69@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    5 hours ago

    Few years ago I watched this engineer who used an rp3 to hack a bit locker encryption key.

  • Beangut@lemmy.world
    link
    fedilink
    English
    arrow-up
    1
    ·
    9 hours ago

    My word of advice; any security implementation by an actor who has a fiscal responsibility and/or incentive is inherently flawed.

    You are handing your keys to a whore.

  • Kongar@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    118
    arrow-down
    5
    ·
    1 day ago

    Unpopular opinion but I’m dying on this hill. Secure boot creates more problems than it solves.

    • JiveTurkey@lemmy.world
      link
      fedilink
      English
      arrow-up
      75
      ·
      1 day ago

      I’d argue this is actually a popular opinion. IMO secureboot has just become a way for Microsoft to leverage it’s position and keep a strangle hold on industries they have no business being in.

      The whole kernel level anti-cheat on win11 bullshit in the gaming industry is a good example. Essentially locking games to its platform and willing to sacrifice security to do so at our expense.

      • Default Username@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        20
        ·
        1 day ago

        This is especially true on computers where it is impossible to change the signing keys. Smartphones, game consoles, many laptops, some desktops, smart TVs, IoT devices, modern cars, etc.

          • Default Username@lemmy.dbzer0.com
            link
            fedilink
            English
            arrow-up
            8
            ·
            23 hours ago

            Kind of. You can change the signing key for the operating system, but you cannot change the signing key of the primary bootloader, as that is baked into the SoC.

              • Default Username@lemmy.dbzer0.com
                link
                fedilink
                English
                arrow-up
                8
                ·
                18 hours ago

                That’s moreso because it’s using an unofficial key, so the device manufacturer (Google in the case of Pixels) cannot verify the authenticity of the OS you’re running.

                If you were able to replace that bootloader with a custom one, then you would be able to disable that message or just use a completely different bootloader like UBoot or EDK2 if it was ported, though.

                • 𝕸𝖔𝖘𝖘@infosec.pub
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  5 hours ago

                  Functionally, though, wouldn’t it be the same as replacing the computer’s SecureBoot bootloader, since it’s Microsoft (in the case of SecureBoot) that doesn’t like the unofficial key that Linux installs? Shouldn’t the user be allowed to add or remove any key they desire from the allow list of official keys (maybe have some sort of decentralized verification system, if they user decides they want to verify it)?

                  I’m more thinking out loud here, trying to understand.

      • chaogomu@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 day ago

        Popular is the wrong question, the correct question is, how many machines is this default on.

    • Fizz@lemmy.nz
      link
      fedilink
      English
      arrow-up
      7
      arrow-down
      17
      ·
      1 day ago

      What problem does it create? Its a good tech and we absolutely should be cryptographically verifying the boot process to ensure it hasnt been tampered with.

      • Zarobi@aussie.zone
        link
        fedilink
        English
        arrow-up
        45
        ·
        1 day ago

        Because it’s proprietary and in 99% of cases actually means “Windows Boot”, and isn’t very compatible with other OS. Windows is basically in charge of the entire technology and doesn’t have a history of being friendly to other OS.

        For a while Linux was completely blocked by this setting, which was yet another technical barrier to getting into Linux because you had to fuck around in your scary UEFI settings otherwise your PC would be soft-bricked after installing Linux. Nowadays it’s slightly supported by some distributions but Microsoft could of course change it at any time.

        Further reading: https://wiki.ubuntu.com/UEFI/SecureBoot

        • orclev@lemmy.world
          link
          fedilink
          English
          arrow-up
          18
          ·
          1 day ago

          The way it should work is that during the OS install the OS can ask to have a cert added to the keystore at which point UEFI pops up a screen that says something like:

          An application has requested to add a new certificate to secure boot which will allow new software to run at boot up. This usually happens when installing or updating an OS. If you would like to allow this press and hold <5 randomly selected letters> on the keyboard for 5 seconds. If you don’t want to allow this press and hold escape for 3 seconds.

          This would at least be a vendor agnostic way of enrolling certificates instead of the MS certificate just always being pre-installed. It should also of course be publicly documented exactly how the process works so everyone can use it.

          • addie@feddit.uk
            link
            fedilink
            English
            arrow-up
            8
            ·
            1 day ago

            Problem being, of course, that you can add more certificates, but you can’t revoke the original M$ one. And since it’s vulnerable and you can’t get rid, then these exploits still work and there’s nothing you can do to stop it.

            • Default Username@lemmy.dbzer0.com
              link
              fedilink
              English
              arrow-up
              12
              ·
              1 day ago

              Computers shouldn’t come with Microsoft keys preinstalled to begin with (or an operating system for that matter). Microsoft being able to have Windows preinstalled on the vast majority of non-Apple PCs is how they gained their monopoly in the first place.

            • orclev@lemmy.world
              link
              fedilink
              English
              arrow-up
              3
              ·
              1 day ago

              You should be able to remove any or all the certs as well, although I could see an argument for requiring you to enter the BIOS to do that.

          • exu@feditown.com
            link
            fedilink
            English
            arrow-up
            4
            ·
            1 day ago

            Universal Blue distros do that. For some reason you need to enter a password though.

    • black0ut@pawb.social
      link
      fedilink
      English
      arrow-up
      15
      arrow-down
      3
      ·
      17 hours ago

      It’s not flawed at all. But its purpose isn’t actually to secure anything. Its purpose is to complicate the installation of alternative OS and to perpetuate vendor lock in, while sounding like it’s “for your security”. In that regard, it has succeeded.

      There is also TPM and Microsoft Pluton, which serve the same purpose.

      • AnUnusualRelic@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        12 hours ago

        A very large portion of Microsoft’s efforts are dedicated to this. If they redirected just a bit of their work force to fixing their products, maybe people would actually want to use them, instead of being forced to.

  • A_norny_mousse@piefed.zip
    link
    fedilink
    English
    arrow-up
    31
    ·
    1 day ago

    11 old and forgotten UEFI shim bootloaders at versions 0.9 and below that can be used to bypass UEFI Secure Boot on any UEFI-based machine that trusts Microsoft’s Microsoft Corporation UEFI CA 2011 third-party UEFI certificate authority (CA) certificate, regardless of the installed operating system (OS).

    This “Trust” is one of my pet peeves. It’s $$$.

      • The_Decryptor@aussie.zone
        link
        fedilink
        English
        arrow-up
        1
        ·
        15 hours ago

        Secure boot does have a revocation mechanism (It’s literally how this issue has been mitigated) though.

        You can not only load in allowed signatures, you can also load in disallowed ones so even properly signed binaries will get rejected.

    • naticus@lemmy.world
      link
      fedilink
      English
      arrow-up
      17
      ·
      1 day ago

      I get why you’d dislike that wording, but this is also how all certificate stores work, regardless of whether we’re talking Secure Boot, Windows or Linux. Gotta trust the top level as providing legitimate certificates to then trust everything underlying as coming from the correct parties.

      Certificate are something I work with constantly at work and I fucking hate resolving issues with them lol.

      • A_norny_mousse@piefed.zip
        link
        fedilink
        English
        arrow-up
        14
        ·
        1 day ago

        I get why you’d dislike that wording

        It’s not just the wording.

        this is also how all certificate stores work

        Precisely.

        Check out cacert.org and why it never gained “Trust”. Hint: $$$

    • JiveTurkey@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      ·
      1 day ago

      Add this to the pile of reasons why M$ is a joke and people should stop using them. Nothing they make is so good that you need to stick around.

      • orclev@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 day ago

        MS has mastered the one thing businesses love which is being perfectly mediocre. If you present a business two pieces of software one that does one thing really well but nothing else, and one that does three things terribly, they’ll pick the one that does three things terribly every time. That’s the MS design, it smears a thin coating of suck across as broad a surface as possible and then advertises that it does everything.

    • syreus@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      16 hours ago

      Crashstealer is still recent enough I see articles written about it.

      If you want something secure learn secure practices.

  • Victor@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    arrow-down
    13
    ·
    2 days ago

    IMO, broken ≠ vulnerable. Broken to me means it doesn’t work. There’s a difference, to me. 🤷‍♂️

    • dracc@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      42
      ·
      1 day ago

      If the “working” definition is “is secure”, and there’s 11 ways in which it’s not, is it not “insecure”, aka. “not working” then?

      • Victor@lemmy.world
        link
        fedilink
        English
        arrow-up
        3
        arrow-down
        12
        ·
        1 day ago

        “Being secure” doesn’t seem to be the primary function of a “UEFI shim”, so no? 🤷‍♂️

        • urushitan 漆たん@kakera.kintsugi.moe
          link
          fedilink
          English
          arrow-up
          14
          ·
          1 day ago

          Well considering that the “UEFI Shim’s” role is to sit in between a Microsoft owned certificate signing chain, it is certainly part of it’s primary role.

          With Linux distributions supporting UEFI Secure Boot, the above-described Secure Boot mechanism built around Microsoft keys introduces some challenges. Every Linux distribution generates its own bootloader binaries, and each of them has a different hash. Getting every Linux bootloader signed directly by Microsoft would be slow, bureaucratic, and impractical (if not impossible) to maintain across all Linux distributions.

          The solution to this problem is a shim: a small, minimal first-stage bootloader that Microsoft can vet and sign once, and which then creates a secondary trust anchor for the rest of the Linux distribution-specific boot stack – usually GRUB 2 and the Linux kernel. This trust anchor is another certificate, referred to as a vendor certificate (managed by the distribution vendor), added to the shim binary before it is signed by Microsoft.

    • sp3ctr4l@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 day ago

      Secure boot is supposed to be a lock.

      Turns out there are 10 year old tricks that bypass that lock.

      A lock that cannot deny access to people without proper key… is a bad lock.

        • sp3ctr4l@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          3
          ·
          1 day ago

          No.

          Secure Boot is basically a ‘lock’, on the UEFI.

          UEFI - Shim is basically a ‘lockpick’.

          UEFI is the first step in your computer booting, turning on.

          So, if Secure Boot is supposed to be a ‘lock’, that limits who can access the UEFI … but it turns out that there are many, old, UEFI - Shims, that defeat that ‘lock’… then Secure Boot is not a good ‘lock’.

          I don’t mean to be rude but it seems like there might be a bit of language confusion going on here… In English, a ‘shim’ is a kind of crude/simple tool that can be used to break or bypass some actual physical locks.

          So ‘UEFI-Shim’ basically means ‘a thing that breaks into your UEFI’.

          • Victor@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 day ago

            I don’t think there’s a language barrier here. I’m fluent in English, and I know what a shim is, both IRL and in the software world. I’ve just not run into it in a boot loader context before. And I’m not really knowledgeable when it comes to secure boot, either. Just trying to understand. 🙂

            Are you sure that’s a good phrasing though, “that breaks into your UEFI”?

            A shim is usually something that you use to add or modify functionality by interception, right? Like a middle-ware, almost. So these old shims, are they responsible for functionality that directly has to do with Secure Boot, or something else?

            If so, they are broken — i.e. not fulfilling their purpose.

            If something else, they are not broken. They are just breaking something else, or making it vulnerable.

            Am I making sense? Does it not make sense? Because after all, I don’t know much about the details of the subject matter. 😁

      • imecth@fedia.io
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        1 day ago

        There’s like dozens of ways to open a lock without the proper key, it’s probably not the best comparison…

        • sp3ctr4l@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          1 day ago

          I think that Victor may not have English as his primary/first language, I am trying to use a simple comparison that is more likely to convey the general, fundamental concepts.