Subject: General Tech | August 11, 2016 - 12:48 PM | Jeremy Hellstrom
Tagged: Secure Boot, microsoft, backdoor, security
Yes, even though this occurs on a regular occasion, we are to be shocked that another secret backdoor into a security product has been discovered, exploited and published. In this case it is Microsoft's Secure Boot which has been unlocked and even better news is that it probably cannot be completely repaired without rendering previous backups and installations incompatible. On the positive side, devices which are locked down even for those with administrative privileges such as ARM-based Windows RT tablets can be unlocked and you can chose a different OS to install. The negatives will have more of an effect on businesses and system builders who relied on it to prevent modified Windows installs from booting, preventing infections and questionably sourced Windows images from being used.
The Register has links to more information on Secure Boot and Microsoft's response and you can read some information about the group which found and released the information about this over at The Inquirer.
"Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot – and is now scrambling to undo the blunder."
Here is some more Tech News from around the web:
- Next Generation of Wireless -- 5G -- Is All Hype @ Slashdot
- US couple sues after IP address fingers them for thousands of crimes @ The Inquirer
- Toshiba flashes 100TB QLC flash drive, might release within months. Really @ The Register
- An ATM hack and a PIN-pad hack show chip cards aren’t impervious to fraud @ Ars Technica
Subject: General Tech | May 9, 2016 - 01:38 PM | Jeremy Hellstrom
Tagged: KB3133977, microsoft, asus, uefi, Secure Boot
There are many good reasons to use the new UEFI Secure Boot under Windows 10 but there are also numerous reasons not to. The latest is an issue with a specific Windows Update patch which was recently changed from an optional update to a recommended update. For systems using an ASUS motherboard and running Windows 7 this can be a bit of a bother as your Secure Boot will report that the OS has unauthorized changes and will refuse to boot. If you can get at your UEFI BIOS you can change the OS Type from Windows UEFI mode to Other OS in the boot menu. If this does not resolve your issue The Register has been told you should contact ASUS for support, as opposed to Microsoft since the issues root cause lies in a feature similar to Secure boot which ASUS added to their boards.
"Windows 7 machines that have installed Microsoft's KB3133977 update may trigger a "secure boot violation" during startup, preventing the PC from loading the operating system, Asus said."
Here is some more Tech News from around the web:
- Microsoft: Windows 10 Will Remain Free For People With Accessibility Needs @ Slashdot
- 3D Printing Bone @ Hack a Day
- Acer to launch gaming smartphone in 4Q16, says paper @ DigiTimes
- IBM's POWER cloud powers up almost a year later than promised @ The Register
- A Look At NVIDIA's GeForce GTX 1080, GTX 1070 & New Technologies @ Techgage
- Doom (2016) running on GTX1080 @ Kitguru
- NVIDIA's GTX 1080 & GTX 1070 Detailed @ Hardware Canucks
- Nvidia editors day event gallery featuring GTX1080 @ Kitguru
- AMD's Andrej Zdravkovic @ Kitguru
- TRENDnet TPL-421E2K Powerline 1200 AV2 Adapter Kit Review @ NikKTech
- Luxury all paid trip to see Independence Day 2 in London
Subject: General Tech | March 22, 2015 - 09:14 PM | Sebastian Peak
Tagged: windows 10, Secure Boot, microsoft, linux
Secure Boot is a security measure that prevents malware from interfering with the boot process, but it can also prevent unsigned operating systems from booting on the same hardware. While Microsoft’s “Designed for Windows 8” guidelines required manufacturers to permit users to disable the Secure Boot option, the upcoming Windows 10 release will not have this rule in effect. At WinHEC it has been revealed that Windows 10 guidelines leave it up to the OEM to decide if they will allow users to disable UEFI Secure Boot in the system setup, and making this optional presents an interesting question about compatibility with other operating systems. OEM's will be required to ship computers with Secure Boot enabled to comply with “Designed for…” rules, and while they could then choose to provide the option to disable it (currently the required standard), preventing user installation of other OS software could be seen as a way to streamline support by eliminating variables.
Why does this matter if most people who purchase a Windows 10 computer will run Windows 10 on it? This could be an issue for someone who wished to either replace that Windows 10 installation with another OS, or simply dual-boot with an OS that didn’t support the Secure Boot feature (which could be a build of Linux or even an older version of Windows). Requiring OS files to contain digital signatures effectively locks out other operating systems without special workarounds or keys, and although open-source operating systems represent a small segment of the market thanks to the way computer hardware is sold to most people, it is concerning to think future hardware could cause a loss of the freedom of choice we have always had with operating systems.
Microsoft enjoys market dominance with Windows thanks to its licensing model (giving it a monopoly on pre-built PC systems that don’t have an Apple or Chrome logo on them), but reportedly began considering possibilities "to assert its intellectual property against Linux or any other open-source software” a decade ago, and this has reached farther than they probably imagined with the adoption of Android (from which Microsoft makes money on every device sold). Is this Secure Boot move nefarious, and does Microsoft consider Linux to be a potential threat to the their desktop market share? It could be that Microsoft would simply like to claim that Windows 10 is the safest version of Windows yet, and that isn’t a bad thing for consumers. Unless they want to easily use another OS on the hardware they purchased, that is.
Subject: General Tech, Systems | January 1, 2013 - 12:01 AM | Scott Michaud
Tagged: Secure Boot, uefi
Steven J Vaughan-Nichols of ZDNet published an update on the status of Secure Boot. Fans of Linux and other open-source operating systems have been outspoken against potential attempts by Microsoft to hinder the installation of free software. While the fear is not unfounded, the situation does not feel to be a house of cards in terms of severity.
Even without an immediate doomsday, there still is room for improvement.
The largest complaint is with Windows RT. If a manufacturer makes a device for Windows RT it will pretty much not run any other operating system. Vice versa, if an OEM does not load Windows RT on their device that PC will never have it. Windows on ARM is about as closed of a platform as you can get.
On the actual topic of Secure Boot, distributions of Linux have been able to sign properly as trusted. Unlike the downstream Fedora 18, Ubuntu 12.10, and others: the Linux Foundation is still awaiting a signed bootloader.
Other distributions will need to disable the boot encryption which many thought would forever be the only way to precede. While not worse than what we have been used to without Secure Boot, disabling boot encryption leaves Linux at a disadvantage for preventing rootkits. Somewhat ironic, we are stuck between the fear of being locked out of our device by a single entity and the fear of malice intentions not being locked out.