UEFI secure boot

Ernest Doub hideserted at gmail.com
Tue Sep 27 01:53:01 UTC 2011

On Mon, Sep 26, 2011 at 4:29 PM, Avi Greenbury <lists at avi.co> wrote:

> Rashkae wrote:
> > On 09/26/2011 06:53 PM, compdoc wrote:
> > > http://www.theregister.co.uk/2011/09/23/ms_denies_uefi_lock_in/
> > >
> >
> > Am I the only one who thinks this is actually a good idea from MS?
> I'd not seen it attributed to MS before, but no, it makes sense to me.
> It'd be nice to avoid the trust issues that have befallen SSL on the
> web, though I do see that extending the trust in the manufacturer to
> make good hardware as far as entrusting them to certify only good
> software is much more logical than deciding that arbitrary companies
> capable of generating random numbers are to be trusted on no prior
> grounds.
> > If PC makers wanted to lock pc's they could have done long before now.
> I don't think they do directly, but they want Windows cheap and I don't
> really see why they'd necessarily not remove some toggle control in
> order to carry on paying £5 for their Windows licenses.
> > 4.  What I would like to see is OEM's making BIOS that can sign their
> > own boot sectors.  I can see no reason why this wouldn't be
> > implemented.  Basically, if a Boot sector/MBR gets changed in a
> > system with Secure boot enabled, the modified code will not boot
> > until someone with the BIOS password goes in and specifically tells
> > > the bios to sign code. The flaw with this idea, I suppose, it might be
> > possible for an attacker to read the private key from the BIOS, and
> > sign itself when installing.
> The bigger flaw is that you're assuming the user is in a position to
> make that judgement as to whether to allow the code to run, and in a
> position where they actually care. Neither of these are generally true,
> as we can see with attitudes towards current, conventional, malware.
> --
> Avi

The thought/question has occurred to my tiny little NOOB brain that what is to
stop the attacker from writing a program to install a virtual box on top of
the secure layer that mimics the user's system with all the inimical
spyware/keyloggers/etc. running in the background?
With these new multi-processor systems there are a lot more unused clock
cycles available for malware to use without slowing most users down to the
point where they actually notice.
