Secure Boot bypass revealed

Secure Boot is a security standard, part of UEFI, designed to restrict what gets loaded during the boot of a device. Microsoft introduced the feature with Windows 8 back in 2011, and every client and server version of Windows has supported it since then.

Microsoft stated at the time that it was up to the device manufacturer to ship controls for turning Secure Boot off. Without such controls, it is not possible to load operating systems that are not explicitly allowed. In the worst case, only one particular flavor of Windows can run on a device; this is for instance the case on Windows RT and Windows Phone devices. Secure Boot can be turned off on PCs and notebooks, however, at least for the time being.

Researchers discovered a way to manipulate Secure Boot on Windows devices, effectively rendering it useless.
Secure Boot uses policies which the Windows Boot Manager reads during boot. Not all policies get loaded, though: policies are usually linked to a DeviceID, and the boot manager will only execute policies whose DeviceID matches the device. Microsoft did, however, introduce supplemental policies that are not linked to a DeviceID, which in turn enables anyone to enable test signing. With test signing enabled, it is possible to load anything during boot. The researchers describe it as follows:

"The “supplemental” policy does NOT contain a DeviceID. And, because they were meant to be merged into a base policy, they don't contain any BCD rules either, which means that if they are loaded, you can enable testsigning. Not just for Windows (to load unsigned drivers, i.e. a rootkit), but for the {bootmgr} element as well, which allows bootmgr to run what is effectively an unsigned .efi (i.e. a bootkit)!!! (In practice, the .efi file must be signed, but it can be self-signed.) You can see how this is very bad!! A backdoor, which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere!"

The effect is that it unlocks Secure Boot on devices where the feature is locked. The method the researchers discovered works on Windows devices with Secure Boot enabled, but only if Microsoft's MS16-094 security patch is not installed; administrative rights are also required.

Microsoft tried to fix the issue with MS16-094 in July and with this month's MS16-100 security bulletin. The first patch introduced blacklisting, the second an update that revoked some boot managers. According to the researchers, the patches don't resolve the issue completely.

You find additional information about the issue on this site. Please note that it plays an intro with music in the background. I suggest you use Ctrl-A, Ctrl-C to copy all content and paste it into a text document, as the music and background animation are quite distracting.
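To make the policy-loading logic described above concrete, here is an added, deliberately simplified model written for this page. It is not Microsoft's Boot Manager code and not the researchers' material: the Policy and BootState structures, the field names, the DeviceID and policy digests are constructed, and the "hardened" loader is only an illustration of the two ideas the article attributes to the patches (a blacklist of revoked policies, and treating a supplemental policy as something that is merged into a device-bound base policy rather than loaded on its own). It shows why a policy with no DeviceID and no BCD rules passes the pre-patch check and ends up setting testsigning on the {bootmgr} element, and what a loader that refuses that looks like.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Set

# Constructed identifier for the modelled device; real DeviceIDs are not on the page.
DEVICE_ID = "DEVICE-ID-EXAMPLE-0001"


@dataclass
class Policy:
    name: str
    device_id: Optional[str]            # None means "not tied to a device" (supplemental)
    bcd_rules: Dict[str, Set[object]]   # BCD element -> values the policy permits; {} = no rules
    settings: Dict[str, object]         # BCD element values the policy tries to apply
    digest: str = ""                    # constructed hash, used by the revocation list below


@dataclass
class BootState:
    testsigning_bootmgr: bool = False   # testsigning on the {bootmgr} element
    testsigning_os: bool = False        # testsigning on the OS loader element


def apply_settings(policy: Policy, rules: Dict[str, Set[object]], state: BootState) -> None:
    """Apply a policy's settings subject to a set of BCD rules.
    An empty rule set permits every element and value: that is the gap the article
    describes for supplemental policies, which carry no BCD rules of their own."""
    for element, value in policy.settings.items():
        if rules and value not in rules.get(element, set()):
            continue                    # element/value not permitted by the rules: dropped
        setattr(state, element, value)


def load_policy_pre_patch(policy: Policy, state: BootState, device_id: str = DEVICE_ID) -> bool:
    """Model of the behaviour the article describes before MS16-094: the only gate is
    the DeviceID comparison, and a policy without a DeviceID is never rejected by it."""
    if policy.device_id is not None and policy.device_id != device_id:
        return False                    # base policy for another device: ignored
    apply_settings(policy, policy.bcd_rules, state)
    return True


def load_policy_hardened(policy: Policy, state: BootState, base: Optional[Policy] = None,
                         revoked: frozenset = frozenset(), device_id: str = DEVICE_ID) -> bool:
    """Assumed hardened loader (an illustration, not Microsoft's implementation):
    revoked policies are refused, a supplemental policy is accepted only when merged
    into a base policy bound to this device, and the base policy's BCD rules then
    govern which settings the merged result may change."""
    if policy.digest in revoked:
        return False
    if policy.device_id is None:        # supplemental: needs a matching base policy
        if base is None or base.device_id != device_id:
            return False
        apply_settings(policy, base.bcd_rules, state)
        return True
    if policy.device_id != device_id:
        return False
    apply_settings(policy, policy.bcd_rules, state)
    return True


# Constructed policies: a base policy for this device that forbids testsigning anywhere,
# and a supplemental policy that tries to switch testsigning on for both elements.
BASE_POLICY = Policy(
    name="base", device_id=DEVICE_ID,
    bcd_rules={"testsigning_os": {False}, "testsigning_bootmgr": {False}},
    settings={}, digest="sha256:base-constructed")

SUPPLEMENTAL_POLICY = Policy(
    name="supplemental", device_id=None, bcd_rules={},
    settings={"testsigning_os": True, "testsigning_bootmgr": True},
    digest="sha256:supplemental-constructed")


def simulate() -> Dict[str, tuple]:
    """Run the supplemental policy through both loaders; returns (accepted, state) pairs."""
    results = {}
    pre = BootState()
    results["pre_patch"] = (load_policy_pre_patch(SUPPLEMENTAL_POLICY, pre), pre)
    alone = BootState()
    results["hardened_standalone"] = (load_policy_hardened(SUPPLEMENTAL_POLICY, alone), alone)
    merged = BootState()
    results["hardened_merged"] = (
        load_policy_hardened(SUPPLEMENTAL_POLICY, merged, base=BASE_POLICY), merged)
    blocked = BootState()
    results["hardened_revoked"] = (
        load_policy_hardened(SUPPLEMENTAL_POLICY, blocked, base=BASE_POLICY,
                             revoked=frozenset({SUPPLEMENTAL_POLICY.digest})), blocked)
    return results


if __name__ == "__main__":
    for label, (accepted, state) in simulate().items():
        print(f"{label:20s} accepted={accepted!s:5s} "
              f"bootmgr_testsigning={state.testsigning_bootmgr} os_testsigning={state.testsigning_os}")
```

Running it shows the pre-patch loader accepting the supplemental policy and flipping testsigning on the {bootmgr} element, while the hardened loader either refuses it (no base policy, or digest on the revocation list) or accepts it but discards the testsigning settings because the base policy's rules forbid them. The model also captures the article's caveat that a blacklist alone is only as good as its contents: a supplemental policy whose digest is not on the list still has to be stopped by the merge rule.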
Author: Martin Brinkmann, Ghacks Technology News