Skip to content

Top New Best Ask Show Jobs

Another Crack in the Chain of Trust: Uncovering (Yet Another) Secure Boot Bypass | Better HN

Another Crack in the Chain of Trust: Uncovering (Yet Another) Secure Boot Bypass (opens in new tab)

(binarly.io)

126 pointsvitplister9mo ago137 comments

137 comments

jrm49mo ago

I still genuinely struggle to understand the advantage of UEFI/Secureboot whatever over BIOS.

I own a piece of hardware, so I can do what I want to it. Out there, there is software, which I have to figure out how I'm going to trust, whether it's e.g Windows and I'm trusting that whole way of doing things, or Linux and that other whole way of doing things.

lmm9mo ago

Theoretically you hook up your whole disk encryption to your secureboot and it protects you against "evil maid" attacks. But yeah I'm pretty sure in practice it's about making it harder to install Linux or watch imported Blurays.

miki1232119mo ago

I suspect the actual reason is a lot more banal, it's enterprises asking for it.

People who own fleets of devices and need to keep them secure don't care about homegrown Linux distributions, they want to minimize the fallout from that one employee installing the "FlashPlayer update" again. Those are the people driving the concerns of Microsoft and computer vendors.

HPsquared9mo ago

With laptops, unauthorized physical access happens a lot more often. People lose them, they get stolen, etc.

mjg599mo ago

You should be able to do what you want to it. You should also be able to configure it such that only you can do what you want to it, and nobody else can.

Secure Boot protects against boot kits, malware that replaces the bootloader and backdoors the OS as it boots and before any other security protections kick in. Real world bootkits have been found in the wild, and we've even seen them use vulnerabilities in signed (now revoked) bootloaders, so we know secure boot has forced their developers to work harder. You may not be worried about that as a risk (well, until you are) but there are real people who this has genuinely protected.

Is it worth it by default? Completely reasonable separate discussion to have. But is there a reason it exists? Absolutely.

JCattheATM9mo ago

> I still genuinely struggle to understand the advantage of UEFI/Secureboot whatever over BIOS.

Apart from way nicer boot menus and bootloader setup?

In a security context, it prevents a whole host of attacks, it's clearly an advantage and a much needed progression.

> Out there, there is software, which I have to figure out how I'm going to trust,

Yes, and with secureboot, if you guess wrong, that malicious software can do less damage than it otherwise could.

heavyset_go9mo ago

Stick a BIOS password on your machine and turn on Secure Boot.

Unless there's an exploit in your firmware, you are now secure against petty criminals stealing your data to even somewhat sophisticated attacks from non-state actors via data exfiltration, software keyloggers, etc.

You can go another step further and use Secure Boot in a chain of trust up to the kernel with Linux, ensuring everything up to the kernel from boot isn't tampered.

Secure Boot isn't about protecting yourself from the OS or software, it's about establishing a chain of trust from the boot process up so you are running the system you intend to run.

This comment assumes you're using disk encryption on top of Secure Boot. When doing FDE, unless your firmware supports it, part of the boot process must be unencrypted to spin up encrypted disk access, and to protect that process, you can sign the unencrypted software to ensure its authenticity despite lack of encryption.

fsflover9mo ago

> you are now secure against petty criminals stealing your data

Ordinary disk encryption would protect me too here, wouldn't it?

necovek9mo ago

It's mostly about your UEFI firmware coming with a set of trusted CAs to verify bootloader is built by one of the trusted parties like Microsoft or Canonical or Redhat or...

You can turn it off, or make it into trust-once and sign your own bootloader, and avoid the risk of bootkit getting installed ever, except with exploits like these.

josefx9mo ago

Unless the software vendor requires it to be locked down hard. Microsofts certification requirements for ARM devices back in 2012 explicitly required secure boot and prohibited custom certificates.

c0l09mo ago

It would be fine it were only that. The actual problem is that software vendors can and do use Secure Boot to also check if you, the machine's owner, "decided" to "trust" this set of special CAs - and if you did not (and limited your freedom to execute any code you want in any way you want it on your machine in doing so), make the software you bought/licensed from them - or any other software you would like to run on top of these vendors' platforms - refuse to work on your machine.

Nextgrid9mo ago

"BIOS vs UEFI" and Secure Boot are two different things.

UEFI supports the latter if you want and configure it, but it's not a requirement of UEFI, and technically a BIOS could also implement signature verification of the boot sector.

FirmwareBurner9mo ago

>I own a piece of hardware, so I can do what I want to it.

It's not a feature for you, it's for enterprise/corporations. You might be the user of the PC, but your employer owns it, and they want it as locked down as possible both from you and from other potential bad actors.

autoexec9mo ago

Then why force it into consumer hardware? If it were only available on enterprise servers nobody would care.

RiverCrochet9mo ago

If an attacker gains root privileges on your system, an attacker can modify the bootloader on your boot device to load a different kernel than the one you have installed, possibly one that the attacker uploaded that may have backdoors, etc.

Secure boot requires that the bootloader match a hash derived from a TPM-stored key.

Of course, you get the same protection (and update hassle) by storing the bootloader in something that can't be written except when you specifically enable it.

A better scheme than the UEFI secure boot/TPM junk is simply a 2GB SD card (enough to hold a bootloader, kernel, and initrd) in an SD card reader with a physical read/write switch. When it's time to update your bootloader or kernel, flip the switch to write mode, then flip it back - heck the system could even refuse to boot if write mode was enabled on boot.

Honestly I don't know why the whole PC firmware shouldn't be on that SD card. Corrupt unbootable BIOSes can be fixed with a new SD card.

For remote updates, the physical switch could be replaced with a GPIO pin and a Raspberry Pi that you connect to and log into separately. It's less secure than the physical switch but oodles more secure than what's there now - maybe not oodles but at least the software on a Pi is much higher quality than UEFI vendors.

mjg599mo ago

> Secure boot requires that the bootloader match a hash derived from a TPM-stored key.

This isn't even slightly accurate. Secure boot does not rely on TPM keys on any way.

xinayder9mo ago

If an attacker has root privileges to my Linux system, what's stopping them from overwriting my Linux kernel image in my boot partition with one that has backdoors?

jrm49mo ago

"If an attacker gains root privilieges.."

LOLOL lemme stop ya right there chief. I'm screwed anyway? This is ridiculous.

db48x9mo ago

> The root cause of this bug, once again, lies in the unsafe handling of NVRAM variables.

Sheer incompetence, in other words.

OjotCewIo9mo ago

UEFI variables or not: who in their right mind serializes raw pointer values to any kind of storage (network, disk, nvram, ...)?

Why is it that the most security-sensitive areas are ravaged by the sloppiest programmers and the most negligent managers and business types? I'd like to understand the economics and the psychology behind it.

db48x9mo ago

It’s something about hardware companies writing software. The motherboard itself may be excellent, but the BIOS/UEFI/ACPI tables will be horrible.

Meanwhile you look at a company like Oxide that is a software company at heart, and their equivalents are so much better. Like someone actually designed it so that when humans write the software it will still be secure.

scraptor9mo ago

When's the last time you made a motherboard purchase decision on the basis of firmware quality? Or rather, when's the last time a corporate purchasing manager got fired for buying motherboards with low quality firmware?

gmueckl9mo ago

Security is competing with all other requirements that a product has. That's all there is to it.

quotemstr9mo ago

> Why is it that the most security-sensitive areas are ravaged by the sloppiest programmers and the most negligent managers and business types?

Lemon market: https://www.sfu.ca/~wainwrig/Econ400/akerlof.pdf

Buyers can't distinguish good work from bad, so they pay only average price and thereby drive out the high-quality sellers.

eviks9mo ago

The economics is there is little cost to having vulns, so you don't incur the extra cost to hire/push devs to code securely?

EPWN3D9mo ago

They're not. They're ravaged by probably the same quality or slightly higher than average. The cost of mistakes is just way higher.

getcrunk9mo ago

Yea but when things like this keep happening … it becomes a pattern. A very convenient one at that.

eukara9mo ago

or they have read the Simple Sabotage Field Manual.

candiddevmike9mo ago

This is all too common with any kind of user infantilizing security feature. Trust us bro, it's secure.

ahepp9mo ago

I'm not sure I understand why secure boot is user-infantilizing? I think there are some legitimate concerns about where attestation could be headed, but I like the ability to force my machine to only run signed executables.

It seems like the immediate problem here is that most people will never enroll their own keys, and if every vendor's crappy EFI binary gets signed by Microsoft, there will be a huge library of garbage vendor code which is all an attack surface.

baxtr9mo ago

> Because the attacker’s code executes before the operating system even loads, it opens the door for attackers to install bootkits and undermine OS-level security defenses.

Excellent.

pabs39mo ago

I wish the hardware industry went more in the direction of the State Considered Harmful paper:

https://blog.invisiblethings.org/papers/2015/state_harmful.p... https://www.qubes-os.org/news/2017/07/08/toward-a-reasonably...

fsflover9mo ago

https://forum.qubes-os.org/t/why-does-qubes-os-not-get-more-...

https://forum.qubes-os.org/t/deployments-of-qubes-by-entitie...

fsflover9mo ago

Fortunately there's a FLOSS alternative: TPM with Heads, https://osresearch.net/. Works for me.

getcrunk9mo ago

What hardware do you use the most recent supported seems like the Librem offerings. Which are intel 10th gen. Otherwise it’s gets pretty ancient

fsflover9mo ago

Indeed I'm using a Librem laptop with Pureboot. Librem 14v1 has been discontinued, Purism is developing the second version, hopefully with a newer CPU.

1oooqooq9mo ago

why not secure boot with your own keys?

... granted, effectively removing Microsoft keys is a pain on some consumer devices, but still easier than this

dietr1ch9mo ago

My first encounter with UEFI turned out to be quite expensive because UEFI was way too new and easy to brick. I guess things are better now, but toying around with this might still be a risk not worth taking as a consumer.

jerhewet9mo ago

Please ... just give me back my BIOS.

gruez9mo ago

BIOS isn't magically secure either. It has no secureboot so it just runs whatever.

lmm9mo ago

In theory, sure. In practice I'd bet UEFI-based systems are easier to compromise, because the attack surface is just so much larger.

adrian_b9mo ago

Nevertheless, it is trivial to make any BIOS-based computer at least as secure as the most secure UEFI/secureboot-based computers.

For that, any SSDs/HDDs included in the computer should be non-bootable and fully-encrypted.

Then the BIOS will happily run whatever an intruder will attempt to run, but nonetheless the intruder will not have any access, neither for reading nor for writing, to the data hosted by the computer.

The owner can boot from a removable USB memory, used as a computer key, whose content cannot be modified by someone else as long as the owner keeps it.

All Intel/AMD CPUs have backdoors in the form of the System Management Mode and of various hardware management engines, which can be exploited by a malicious BIOS or UEFI firmware to monitor what the operating system that is controlled by the user does, but SecureBoot also offers no protection against such backdoors. ARM CPUs are no better, because many of them have copied Intel, so they have the equivalent of the SMM: EL3.

If you run yourself a hostile application after booting, then SecureBoot also does not offer any protection against that.

Lammy9mo ago

I refuse to endorse any mindset where my Personal Computer unquestionably running my code could be considered a bad thing.

hulitu9mo ago

secureboot also runs "whatever". It is just picky about which "whatever" it runs (hint: it runs the "whatever" for which Microsoft has the keys).

jeffrallen9mo ago

A fish, a gun, and a smoking barrel. Sigh.

j / k navigate · click thread line to collapse