Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea

Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot – and is now scrambling to undo the blunder. These skeleton keys can be used to install non-Redmond operating systems on locked-down computers. In other words, on devices that do not allow you to disable Secure …

  1. Anonymous Coward

    Can I tell you a secret? It's been three days since I slept. I’m up to about 200 milligrams now. But that’s not the secret.

    Windows is gone. You heard me. It’s gone.

    It was so simple. I’m way more aware now. I’m way more focused. And I’m feeling 100%.

    It’s gone. It’s gone. It’s gone.

    Debian is working, and fuck if this OS doesn’t feel good. I can even handle IRCing with people. Even Linus's stupid rants are starting to sound fascinating.

    Why haven’t I done this before? Damn this filesystem looks immaculate.

    I’m pretty sure I even found God. Amen. Amen. Amen. AmenAmenAmen. AMEN!

    Even routine sysadmin is enthralling. The config is all text files. Of course!

    We can finally be back to normal. It’ll just be me and you my Tux. We'll compile together. Maybe I'll script you. Or we'll just browse. But the point is, It's gone!

    1. Destroy All Monsters Silver badge

      This is refreshing to hear.

      But know this that Linux is still at the lowest steps of OS Godhead.

      1. Tom 7

        RE: This is refreshing to hear.

        The lowest steps of the OS Godhead? I think you are missing the fact that the largest portion of OS Godhead tools and apps that you think are there to run your systems are there to allow you to manage the failures of the system. Linux doesn't have all that flashy stuff to clear up after itself as it's not that incontinent.

        As we say down in the west country when asked for directions "You don't want to start from here".

        1. Destroy All Monsters Silver badge
          Holmes

          Re: RE: This is refreshing to hear.

          Linux is just a system that works based off 60's tech. Nothing exceptional here.

          Nice but...

          The really good stuff is yet to be designed

          > you think are there to run your systems are there to allow you to manage the failures of the system

          How do you know what I think?

          1. allthecoolshortnamesweretaken

            Re: RE: This is refreshing to hear.

            "The really good stuff is yet to be designed."

            Fair point. What we have now is basically 1960ies stuff on speed, and a lot shinier, but still nothing revolutionary different from what Johnny von Neumann* dreamt up** in the late 1940ies.

            * I sometimes wonder what he might have come up with, had he been around longer.

            ** Or rather compiled from various sources, to be fair to all the others involved.

            1. DropBear

              Re: RE: This is refreshing to hear.

              "I sometimes wonder what he might have come up with, had he been around longer."

              A fair question albeit one that I always find amusing - thinking of short-lived geniuses people always tend to assume for some reason that they would have kept on "geniusing" at a steady pace, forgetting that actual evidence suggests sparks of insight are actually mostly fairly solitary events: eg. Einstein certainly wasn't short-lived and while his legacy is impressive, it's not like he kept coming up with another theory of relativity calibre thing every five to ten years...

            2. Pseu Donyme

              re: von Neumann

              What I'd recall was that von Neumann got involved in the US war time computer programs (most importantly EDVAC as far as the eponymous computer architecture is considered) and put together an excellent memo of what he learned as a result. As the memo got somewhat wide distribution despite being about a secret wartime program and was about the only source of such quality right after the war, von Neumann got pretty much all the credit, much of which should have gone to John Mauchly and J. Presper Eckert, at least. (Actually, for a long time, the Americans got all the credit, despite Konrad Zuse's earlier work and that in the UK on the Colossus. Sadly, these are still rather poorly known.)

              1. Dadmin
                Thumb Up

                Re: re: von Neumann

                Sorry to be late to this party, but I'm on to you, friend. You need to watch an old PBS special called The Machine That Changed The World. It's five parts, and produced around 1992, so the Internet was still all text, and it predates www too, but all the important bits are in there; Babbage, Conrad Zusse[sp?], Eckert and Mauchly, ENIAC, EDSAC, all the SACs! The early IBM days, just the whole of computer history up until 1992, and there was a lot to cover. But, you are correct, many people are not knowledgeable about the history of computing in general. This series bridges a gap and provides the story from nothing until Internet and x386 desktops ruled the ancient skyline.

            3. fung0

              Re: RE: This is refreshing to hear.

              allthecoolshortnamesweretaken: "What we have now is basically 1960ies stuff on speed, and a lot shinier, but still nothing revolutionary different from what Johnny von Neumann* dreamt up** in the late 1940ies."

              Maybe that's all we ever really needed?

              1. Ken Hagan Gold badge

                Re: Maybe that's all we ever really needed?

                If you only ever really needed a serial machine, von Neumann's model is sufficient. We're still waiting for something that is sufficient for the massively parallel case.

                1. jake Silver badge

                  Re: Maybe that's all we ever really needed?

                  Quite honestly, Ken, Linux seems to be doing a nice job in the "Massively Parallel" contingent of the TOP500 ... I misplelled that as "TOPS500", took a second to realize what was wrong. Probably showing my age ;-)

      2. scarletherring

        Top step: Temple OS? http://www.templeos.org/

        1. Anonymous Coward

          Top step: Temple OS? http://www.templeos.org/

          Hosting information on a website that demands Flash is not quite convincing when it arrives in a discussion about security. Call me picky, but that's jumping from the frying pan into the fire.

      3. oldcoder

        Actually, Linux is at the top. The most phones, supercomputers, a bit more than half of IoT... It even controls Azure networking, and about 25% of all instances on Azure.

    2. Anonymous Coward

      I did that quicker..

      .. why do you think I stuck with OSX (and iTerm 2 of course)?

      That said, OSX sucks as a server so there Linux is really the only viable option.

      1. frank ly

        Re: I did that quicker..

        Welcome ! :)

        (Remember to regularly boot from a Gparted Live CD to copy your root and /home partitions onto another drive, as a backup, in case you get too inquisitive and experimental in the early stages.)

      2. Anonymous Coward

        Re: I did that quicker..

        >>>> That said, OSX sucks as a server so there Linux is really the only viable option.

        *facepalm* You think that windows/osx/linux are the only 3 OS's out there? With such a narrow and blinkered view, I hope you never become an IT consultant, and are never involved in speccing up projects.

        1. Anonymous Coward

          Re: I did that quicker..

          *facepalm* You think that windows/osx/linux are the only 3 OS's out there? With such a narrow and blinkered view, I hope you never become an IT consultant, and are never involved in speccing up projects.

          For your average SME, those are the choices. Not for me personally, no - I rolled into systems during the VAX/VMS and mainframe era so I know life exists outside *nix. It's life, but not as most know it :).

          As for being an IT consultant - nah - looong ago. Now I pay such to design for me, and like others in my position I never let on that I know a lot more than your average board member. You can see them mentally trying to work out which yacht they can buy from the bonus when they chat on a golf course with me, and I'm happy to let them think that until they meet me again. You have no idea how much fun it is to tear a proposal apart and watch a sales director realise that you know every trick in the book, know where all the padding sits and know how to establish a spec that doesn't yield lots of change control revenue later on. They'll be lucky if I leave them a half inflated bicycle tire by the time I'm finished...

          That said, it's becoming much harder to find victims for my evil sense of humour, though, word spreads, but knowledge saves a LOT of money. I have no problem paying for something that is worth its price (and that does exist once you got all the idiots out of the way) and I'm known for not quibbling about the price for something worthwhile either, but God help you if you try to con me.

          1. Jamie Jones Silver badge
            Thumb Up

            Re: I did that quicker..

            I like your style!

            I'm also an ex vax/vms blokey... showing my age now :-(

            1. Anonymous Coward

              Re: I did that quicker..

              I'm also an ex vax/vms blokey... showing my age now :-(

              Don't worry about your age - cultivate that aura of evilness your experience has built up and enjoy it :).

    3. Mutton Jeff
      Flame

      Burn the witch!

    4. Antron Argaiv Silver badge
      Thumb Up

      The good news

      All those Surface RT tablets are no longer useless...

      1. Herby

        Re: The good news

        I suspect that the price on these went up on EBAY after this was published. They might even be useful now.

      2. TVU

        Re: The good news

        "All those Surface RT tablets are no longer useless..."

        I get the distinct impression from reading that article that Microsoft's aim was not so much about protecting the consumer from having their device being hijacked but more about maintaining Microsoft's presence on that device, i.e. to ensure that Windows is not replaced by another operating system.

        The more I learn about Redmond's inner workings, the less I like their attitude.

    5. Sloppy Crapmonster

      Mr. Robot?

  2. hplasm
    Devil

    In other news-

    Microsoft Security team win top awards at Edinburgh Fringe festival.

    1. Chika
      Devil

      Re: In other news-

      Hahahahahahahahahahahahahaha hahahahahahaha hahahahahahahahahahaha hahahahaha...

      Hang on. Almost done.

      ...hahahahahahahaha hahahahahahaha hahahahahahahahahaha!

  3. Hans 1

    Ouch

    Well, imagine the mess, imagine the stress in Redmond, this needs a downfall parody. Some guyz are gonna get 5" thick barge-poles up their backsides ...

    1. Mage Silver badge
      Coat

      Re: Ouch

      Unless this is a deliberate mistake?

      Discredits the FBI policy they hate.

      Reduces howls of indignation about the orphaning of ARM Surface tablets.

      1. Kane

        Re: Ouch @Mage

        "Unless this is a deliberate mistake?

        Discredits the FBI policy they hate."

        Well, wouldn't you pick a set of systems that are not going to be supported any longer?

        "People are particularly keen to unlock their ARM-powered Surface fondleslabs and install a new operating system because Microsoft has all but abandoned the platform."

      2. John Smith 19 Gold badge
        Windows

        Unless this is a deliberate mistake?

        That's just a mad delusional conspiracy theory that no one should take seriously

        Never ascribe to a plan what simple incompetence can adequately explain.

        1. Stevie

          Re: Unless this is a deliberate mistake?

          Idiots. They should have immediately spun it as giving alternatives to the RT owner as an Open Customer Service initiative.

        2. chivo243 Silver badge
          Trollface

          Re: Unless this is a deliberate mistake?

          @John Smith 19

          It may not have been a sanctioned by the top brass leak, but some clandestine movement within Redmond may have "helped." Wink, wink, nudge, nudge...

        3. fung0

          Re: Unless this is a deliberate mistake?

          John Smith 19: "Never ascribe to a plan what simple incompetence can adequately explain."

          Especially in the case of Microsoft. Not that they don't have endless little plots... but none of them rise to anywhere near the level of cleverness that this leak would have required.

        4. Captain DaFt

          Re: Unless this is a deliberate mistake?

          "Never ascribe to a plan what simple incompetence can adequately explain."

          Ah, but it fits so well!

          A loss making, all but abandoned venture on one side, Governmental pressures on another... The key leak is a masterstroke that takes care of both problems at once!

          Don't forget that MS actually has some bright sparks working for it in hardware/software, just none in the marketing/public relations departments.

          (Besides, who doesn't love a good conspiracy? Especially one that'll give the spooks nightmares and headaches?) :)

    2. Hans 1
      Joke

      Re: Ouch

      >Some guyz are gonna get 5" thick barge-poles up their backsides ...

      And they deserve a punch in the face from the "rest of us". So, well, if you live in or near Redmond,[Money]Washingto[w]n, and see Microsofties leaving the office with 5" barge poles hanging out of their arses, hit the shit out of them, please, thanks!

  4. TheProfessorY

    I wonder...........

    ........if this would work on the XBox? A few tablets sold will not be a huge deal. If 50M+ Xbox suddenly can be rooted and be used to play compromised games that would not be good for that platform.

    1. FuzzyWuzzys
      Happy

      Re: I wonder...........

      No idea but I'll put a month's salary down at William Hill as I'm so sure someone is checking it out right now!

    2. Dabooka
      Thumb Up

      Re: I wonder...........

      It might just force my hand to buy one.

      The original X-Box (now sitting in my shed as a juke box and Mame tool) only got really good once it was chipped.

  5. Rick Leeming

    Surface RT with Android sounds good.

    Been using The Wife's Surface RT recently, and damn it has got slow. Even she has complained about it. I think it is time to look at an Android build. While I actually like the Surface, it is now way too limited, and as Word etc are free on Android I'm not going to lose any real functionality.

    I'd go Linux, but I don't want to make herself learn a 'new' OS from scratch.

    1. CAPS LOCK

      "I'd go Linux, but I don't want to make herself learn a 'new' OS from scratch."

      You must be new here. There exists an alternative OS which is more like Windows than Windows. I shall not name it for fear of the wrath of the M. O. R. M. s

    2. Mage Silver badge

      Re: Surface RT with Android sounds good.

      Linux Mint, Mate Desktop (change some default settings) and "Redmond" theme. More like windows than Win 8 or Win 10.

      1. Rick Leeming

        Re: Surface RT with Android sounds good.

        I already use OpenSUSE as my preferred desktop OS (Unless I'm gaming). She hates not having the current version of office to do her work on. In fact she goes mental if I've switched the default boot to Linux without forgetting to put it back again.

        Linux isn't always the answer, some people even when shown the alternative will still pick Windows over *NIX or OSX/MacOS. I still run Windows for gaming, because it is just easier than the alternatives.

        1. nijam Silver badge

          Re: Surface RT with Android sounds good.

          > ... some people even when shown the alternative ...

          ...will plug their ears and demand what they're already familiar with.

    3. Antron Argaiv Silver badge
      Thumb Up

      Re: Surface RT with Android sounds good.

      I'd go Linux, but I don't want to make herself learn a 'new' OS from scratch.

      I've converted several friends...not really a big hurdle. Linux can be fairly WinXP-like.

      Try this: take an unused PC (or borrow one from a friend if you don't have one). Purchase or borrow a second HDD compatible with the PC you borrowed. Remove the original HDD and replace with the "scratch" one. Install Linux (I recommend Linux Mint MATE) on the scratch drive and let her try Linux.

      After the experimenting is complete, swap drives again and the PC is just like you found it.

    4. Anonymous Coward

      Re: learn a 'new' OS from scratch

      " I don't want to make herself learn a 'new' OS from scratch."

      People have already had to re-learn the OS several times, whenever MS give Windows a significant update, surely? One last time for the good lady won't hurt, will it, and then she's free of Redmond forever?

    5. Anonymous Coward

      Re: Surface RT with Android sounds good.

      I trained my partner on kubuntu with crossover office and office 2000. I don't get many support calls now.

      1. d3vy

        Re: Surface RT with Android sounds good.

        "I don't get many support calls now"

        Of course you don't, last time they asked for help you installed Linux. Who knows what you would do next time... I'm surprised you're allowed in the house ;)

  6. Oengus

    Oops

    It just goes to show that secrets shared don't remain secrets.

    I hope the TLA bods that keep trying to get backdoors inserted into everything are reading this (and learn from the lesson).

    1. dan1980

      Re: Oops

      Thanks - I needed that laugh.

      Learn something. Ho ho!

    2. tony2heads
      Holmes

      Re: Oops

      Like the old saying: "Three can keep a secret, if two of them are dead."

    3. Rene Schickbauer
      Facepalm

      Re: Oops

      It's called "public key cryptography" for a reason ;-)

      1. Anonymous Coward

        Re: Oops

        It's called "public key cryptography" for a reason ;-)

        It appears someone at Microsoft used "VERY public key cryptography" then :)

    4. John Smith 19 Gold badge
      Gimp

      It just goes to show that secrets shared don't remain secrets.

      "I hope the TLA bods that keep trying to get backdoors inserted into everything are reading this "

      They are

      "(and learn from the lesson)."

      They won't.

      Be clear. It's the management spookocrats who want back doors in everything so they don't have to have probable cause, or in fact any cause to strip mine your hard drive for "national security"

      1. Anonymous Coward

        What's the alternative?

        For code signing I'm not sure there is much choice but a "golden key". Sure, you can use multiple keys and revoke compromised keys, but that revocation depends on an update being delivered before the compromise. If you started with a bunch of keys, and revoke the old one with each new version you'd reduce the chance that a compromised key could be used before it is revoked, but you'd also eliminate the ability for people to roll back to an older code version so it is really only practical for test builds.

        Having a "sign anything" key was simply a terrible decision on Microsoft's part. Sure, it makes testing easier, but how hard is it to have your build system automatically pass the binary to your signing system? If they had the devices "phone home" on a daily basis checking for key revocations, like browsers do, that would have reduced it to the number of devices that haven't been connected to the public internet since the key compromise became known.

        1. Charles 9

          Re: What's the alternative?

          "Having a "sign anything" key was simply a terrible decision on Microsoft's part. Sure, it makes testing easier, but how hard is it to have your build system automatically pass the binary to your signing system? If they had the devices "phone home" on a daily basis checking for key revocations, like browsers do, that would have reduced it to the number of devices that haven't been connected to the public internet since the key compromise became known."

          What if it's destined to be an OFFLINE system, meaning it'll have no network access? You usually don't want TEST systems on the open net; there's a risk of collateral damage.

    5. This post has been deleted by its author

  7. Destroy All Monsters Silver badge
    Devil

    SHOW THEM ONLINE!.jpg

    Nice writeup!

  8. Anonymous Coward

    Surely you don't believe the "security" excuse?

    SecureBoot was never really conceived as a way to protect YOU, it merely used the security excuse to protect the one thing Microsoft cares about: Microsoft (or, more to the point, profit). It wasn't an accident that it had as a side effect prevented the installation of any competing OS (Linux, of course, also the reason for MS going for UEFI), that was the actual aim and it has done its job well.

    The leaking of the secure boot keys is no drama when it comes to your security, because if you were interested in security, you would not be using anything made by Microsoft in the first place..

    1. phuzz Silver badge
      Facepalm

      Re: Surely you don't believe the "security" excuse?

      EFI was originally Intel's idea, but don't let that get in the way of your rant. Let's stick with BIOS anyway.

      In fact, I'm getting rid of USB too and going back to PS2 because Microsoft are part of the USB consortium.

      1. fung0

        Re: Surely you don't believe the "security" excuse?

        EFI isn't the same thing as Secure Boot. As to whose idea it was... hard to tell, given how closely MS and Intel work together. Both EFI and Secure Boot probably emerged from some joint committee process.

    2. John Sanders
      Holmes

      Re: Surely you don't believe the "security" excuse?

      From Linus's mouth:

      --------------8<----------

      Guys, this is not a dick-sucking contest.

      If you want to parse PE binaries, go right ahead. If Red Hat wants to deep-throat Microsoft, that's *your* issue. That has nothing what-so-ever to do with the kernel I maintain. It's trivial for you guys to have a signing machine that parses the PE binary, verifies the signatures, and signs the resulting keys with your own key. You already wrote the code, for chrissake, it's in that f*cking pull request.

      Why should *I* care? Why should the kernel care about some idiotic "we only sign PE binaries" stupidity? We support X.509, which is the standard for signing.

      Do this in user land on a trusted machine. There is zero excuse for doing it in the kernel.

      Linus

      1. Anonymous Coward

        Re: Surely you don't believe the "security" excuse?

        "Do this in user land on a trusted machine. There is zero excuse for doing it in the kernel."

        And if you don't have a verified trusted machine to work with? Or you can't be sure the userland process can't be hijacked?

  9. heyrick Silver badge

    Explain this to me...

    A Chinese hardware manufacturer locked down its hardware and got a slapping from the Americans, yet Microsoft locks down its hardware and this is supposed to be a good thing?

    What is this, if not bold blatant barefaced double standards?

    1. Anonymous Coward

      Re: Explain this to me...

      A Chinese hardware manufacturer locked down its hardware and got a slapping from the Americans, yet Microsoft locks down its hardware and this is supposed to be a good thing?

      What is this, if not bold blatant barefaced double standards?

      Hey, you're either with us or a target.. (updated version).

      1. Destroy All Monsters Silver badge

        Re: Explain this to me...

        Well, Microsoft doesn't run embassies in Belgrade, you know...

    2. This post has been deleted by its author

    3. bombastic bob Silver badge
      Devil

      Re: Explain this to me...

      "What is this, if not bold blatant barefaced double standards?"

      let's see if Micro-shaft or any of its top execs and/or board members are prominent donors for the Demo-Rat party and/or the Clintstone Foundation... Right Julian? heh heh heh

      Seriously, though, it's what happens when consumers aren't paying enough attention. UEFI was a bad idea to begin with. Those of us who understand REAL security know that things like this CAN be bypassed. There's NO way to 'lock it down' enough and prevent it from being bypassed. Unless there's a hardware jumper that prevents flashing the NVRAM, and a BIOS setting that prevents writing the boot sector(s) on the hard drive, you can't stop it. Even THEN, it's not 100% effective to have "those things" either.

      Perhaps keeping things simple, making backups easy, and having a bootable CD/DVD image for recovery is the smarter choice... [but don't expect Micro-shaft to do THAT, because it doesn't 'pwn' your machine enough]

  10. gv

    "Secure (?!) Boot"

    Together with UEFI, it's a complete dog's breakfast.

    1. hplasm
      Happy

      Re: "Secure (?!) Boot"

      Secure Boot

      Fragile laces

      1. allthecoolshortnamesweretaken
        Coat

        Re: "Secure (?!) Boot"

        What's that, something like Doc Martens'?

    2. Chika

      Re: "Secure (?!) Boot"

      Useless Extra Faffing Interface

  11. Rene Schickbauer
    FAIL

    Misplaced quotation marks

    Don't write

    Microsoft "Secure Boot"

    when in reality it should be written as

    Microsoft "Secure" Boot

    1. W.O.Frobozz

      Re: Misplaced quotation marks

      No, rather you mean the Microsoft Linux-Blocker, because that's all "Secure" Boot is.

  12. Doctor Syntax Silver badge

    Given that Microsoft have more or less given up on the RT as a source of profit wouldn't it be a good idea to unlock them? It wouldn't cost them anything and would be good PR. The only problem appears to be that, AFAICS from the article, the same keys are used everywhere so they couldn't restrict this to the RT.

    1. Hans 1
      Thumb Up

      >The only problem appears to be that, AFAICS from the article, the same keys are used everywhere so they couldn't restrict this to the RT.

      They could, very easily, AND it would save them moneys, but they are Microsoft for a reason ...

      Imagine, they have to patch this, so, they have to test their patches for RT as well ...

      No, I take that back, they do not test patches, we do ... so, yes, you are spot on!

  13. Anonymous South African Coward Silver badge

    Aw shame, now that the c*t is out of the bag... expect people to be more inquisitive and start extracting allsorts of keys etc...

    Suppose they'll need to think of "Secure Boot v2.00" so the whole race will start all over again.

    1. Chika
      FAIL

      I suppose they will, but that's the problem. A secure boot structure isn't a bad idea but leaving its implementation to a company will always mean that it will be open to corporate abuse. We have already seen this in action where one corporate locks a system against systems that it is in direct competition with, now we see it where a corporation has deliberately left back doors into the product because it does not practice what it preaches.

      Security often boils down to trust. Can you really trust a corporate like Microsoft?

      1. Charles 9

        But then the bigger question is can you really trust ANYONE...even YOURSELF?

        1. Chika

          But then the bigger question is can you really trust ANYONE...

          Probably not. You have to ask what is in it for them. That's if you ignore the incompetence issues.

          even YOURSELF?

          Probably not, but at least I'd know who to blame!

  14. MrTuK

    When is something insecure ?

    When is something not secure ?

    When it's created and controlled by MS !!!

    ROFL - People are so, how can I say it - hmmm STUPID !!

    FBI, CIA, NSA, MI5 - Listen up - Nothing is secure, just MS stuff is more insecure than everything else and trying to force a back door into encryption is like giving up on security.

    Just name one security that needs a key for general users which still remains secure after 1 year ?

    The final point I will make is that anyone that uses contactless payments is stupid, NFC payments can be read up to 5M away from you with the right equipment unless it is in a shielded unit, so unless you want to carry around a shielded wallet rather than a fancy plastic or leather one then users beware !

    1. John Sanders
      Windows

      Re: When is something insecure ?

      >> ROFL - People are so, how can I say it - hmmm STUPID !!

      The entire industry (and IT people) for some reason love to be fcuk ed in the arse and love to deep-throat MS.

      To this day for 30 years I have yet to understand why.

      Oh well, this is the best windows ever, but the next one will fix everything wrong with the current one.

      1. Captain DaFt

        Re: When is something insecure ?

        "Oh well, this is the best windows ever, but the next one will fix everything wrong with the current one."

        I hate to be the one to tell you... But that chain was busted to flinders in the post XP era. :(

        Win7 was apparently just an aberration in the downhill slide.

    2. Charles 9

      Re: When is something insecure ?

      Or unless it's locked until the time of purchase which is what Apple Pay and Android Pay both do. And if you play the Evil Pad card, I'll counter that that can successfully attach Chips, meaning NOTHING is safe at that point meaning it's back to barter.

  15. PassiveSmoking

    The policy was effectively deactivated on these products

    I don't know, doesn't sound that effective to me!

  16. Anonymous Coward
    Big Brother

    Accidental leaking of golden backdoor keys

    Given how, time and time again, backdoors are 'accidentally' left in, I suspect there is a high probability that most/all networked devices are deliberately compromised on behalf of the various security services. Therefore protestations about protecting our privacy are totally bogus.

    ps: a simple hardware lock would prevent most remote compromises. makes one wonder why none is included by default?

    1. Charles 9

      Re: Accidental leaking of golden backdoor keys

      Ever locked yourself out of your own house? That's why.

  17. Sureo
    Facepalm

    "FBI and golden keys"

    Wait .... the Feds will take much better care of the backdoor keys so they will never leak out .... oops.

  18. Anonymous Coward

    So, this is just the same as disabling secure boot on a device that lets you do so ?

  19. Christian Berger

    Actually it doesn't make much difference security wise on a laptop

    If you have physical access to a laptop, you can just use a PCI Express card to access the RAM of it to bypass everything Secure Boot could ever protect. If the laptop doesn't have PCI Express, you can use Firewire, or Thunderbolt or if you have a zeroday in the Windows USB stack, USB.

    Or you can install malevolent hardware, e.g. an LTE card which will compromise the system once the user unlocked the harddisk. All of those paths can be packaged into nice easy to use solutions.

    In short Secure Boot is not about improving physical security. It can only secure business models.

    If you'd want an actual "more secure than your average Linux box" mobile device, make a very slim terminal with all the complicated bits (GSM connectivity, WIFI, etc) outsourced to extra modules connected via simple serial interfaces, and make the terminal itself so trivial and simple that its code will be secure and bug free. Obviously that means having something trivial that only talks to your servers and uses shared keys or some simple key exchange. Then you seal your hardware in non transparent resin, wrap a sense wire around so it'll destroy all of its keys when it's broken, seal that in resin, too, and wrap that in a transparent resin with glitter in it, to make it tamper evident.

    If you want a lot more security than you could ever gain from Secure Boot, but are on a budget and still want a "proper PC", just get some nail polish with glitter and paint it over all critical ports (USB, Thunderbolt...) and screws. Then make a photograph. This will make any attacks SecureBoot claims to protect you against visible... at a fraction of the complexity and without giving up ownership of your own computer.

    1. Charles 9

      Re: Actually it doesn't make much difference security wise on a laptop

      Have you ever read Nineteen Eighty-Four? The pods had the capability to reproduce any cookies you tried to make. They probably also have ways of preventing your sense wires from tripping.

  20. DropBear
    WTF?

    Am I the only one...

    ...to notice that nowhere does it say any cryptographic keys were leaked?!? Yes, figuratively, the all-powerful policies that were leaked are a "key" to restricted bootloaders, sure, but why is everybody talking like the actual crypto keys that signed them were leaked? They were not. It's still a failure of Secure Boot of course, and yes, an important secret has become public, arguably making the point the article's title tries to make, but... come on... no keys were leaked.

    1. Anonymous Coward
      Anonymous Coward

      Re: Am I the only one...

      The certificates/signing keys have leaked. Google search turns them up nicely without any skull sweat as to the search terms.

  21. Mikel

    The point

    The point of Microsoft's Secure Boot is to protect their device from an errant user who would try to deprive them of its benefit by installing his own software.

  22. phuzz Silver badge

    "This Secure Boot misstep also affects Windows PCs and servers, but [..] these machines are typically unlocked anyway."

    Not just typically, x86 machines always allow you to modify the Secure Boot settings, as long as you're "physically present". It's only locked on ARM devices (ie Surface tablets and Winphones), just as the bootloader is typically locked on most other ARM devices (ie Android and iOS devices).

    So you have always been able to alter the settings on your home PC to remove the Microsoft certificates and replace them with (eg) Red Hat ones, allowing you to verify that your kernel, and kernel modules have not been altered when booting.

    This leak allows you to do the same to your MS tablet or WinPhone.

  23. Anonymous Coward
    Anonymous Coward

    so wait, all our base are finally can belong to us, nao?

  24. fung0

    Securer boot

    phuzz: "x86 machines always allow you to modify the Secure Boot settings, as long as you're "physically present". It's only locked on ARM devices..."

    Really? What about this:

    Windows 10 to make the Secure Boot alt-OS lock out a reality

    "Microsoft says that the switch to allow Secure Boot to be turned off is now optional. Hardware can be Designed for Windows 10 and can offer no way to opt out of the Secure Boot lock down."

    1. John Sanders
      Holmes

      Re: Securer boot

      "Windows 10 to make the Secure Boot alt-OS lock out a reality"

      Of course, that was always the plan, surprised? not.

      1. Dan 55 Silver badge

        Re: Securer boot

        What's surprising is that so many people think that Windows 8 secure boot rules still apply to Windows 10. MS are just one notch away from boiling the frog.

    2. Roland6 Silver badge

      Re: Securer boot

      "Microsoft says that the switch to allow Secure Boot to be turned off is now optional. Hardware can be Designed for Windows 10 and can offer no way to opt out of the Secure Boot lock down."

      Well given MS wrote the rules, it is only natural that they amend the rules and give themselves a get out of gaol card!

      "Microsoft also mandated that every system must have a user-accessible switch to turn Secure Boot off, thereby ensuring that computers would be compatible with other operating systems."

      In the context of Win10 where the intent was for it to run on everything, the terms 'system' and 'hardware' are open to interpretation. So I suspect someone at MS suddenly realised that their own hardware had to include the user-accessible switch to allow Secure Boot to be turned off and so permit the user to install OS's other than Windows ...

      Now whether OEMs wish to limit the capabilities and thus the sales potential of their kit...

      1. Charles 9

        Re: Securer boot

        "Now whether OEMs wish to limit the capabilities and thus the sales potential of their kit..."

        Now whether OEMs wish to defy Microsoft and lose their deep loyalty discounts which may be the only things keeping their computers profitable...

    3. Charles 9

      Re: Securer boot

      You know that's over a year old, and the Win10 free update year has run out since then yet we haven't heard complaints about Win10 systems that are impossible to downgrade because of something like this (they can create keys that work with Win10 ONLY, you know?). Sounds like something that was backpedaled before release.

  25. Someone Else Silver badge
    FAIL

    "Bungling Microsoft ..."

    Enough said!

  26. Stoneshop
    Go

    and is now scrambling to undo the blunder.

    Correct horse bolted stap^Hble.

  27. Inachu

    YES!!! I will be installing Linux tonight! WOOT GREAT NEWS!

    1. andytech

      As it took you this long to work out how you could install Linux

  28. Anonymous Coward
    Anonymous Coward

    Keys simply need to be properly managed

    By this logic, we should immediately can all password managers. Vaults with codes that store master passwords to servers and systems should be destroyed and those codes given out to separate individuals to avoid the weakness of a single link. Banks should go too, because you shouldn't put your money in one place and make an obvious target simply waiting to be robbed.

    Failure to manage a significant key means you alter what the key does, what the scope of the key should contain and how access to it is known and controlled. It does not validate that no backup should exist.

  29. Anonymous Coward
    Anonymous Coward

    "Microsoft declined to comment."

    Pretty much tells you everything you need to know, doesn't it?

  30. Anonymous Coward
    Anonymous Coward

    Advice for Microsoft

    Disable automatic updates (default is prompt/notify), and invest more in software testing instead of outsourcing that to cheap foreigners.

  31. Spotswood

    Linux kernel support

    .... for Surface Pro Touchscreen just released by Linus, then this leak... Coincidence?

  32. cyberdemon Silver badge
    Devil

    "Security of Everyone" - WTF?

    > And perhaps most importantly: it is a reminder that demands by politicians and crimefighters for special keys, which can be used by investigators to unlock devices in criminal cases, will inevitably jeopardize the security of everyone.

    Wait a minute. Blowing secure boot wide open and allowing people to run what they want on their own devices, jeopardises the security of "everyone", does it?

    No, it only jeopardises the security of microsoft's monopoly, and apple's.

    Secure boot is an insidious anti-feature that deserves to be cast into the deepest of technological hells. Along with its bastard brothers Intel SGX and Anti-Theft, and their hideous, bloated, evil witch of a mother, UEFI.

    And the devil himself: Intel Management Engine

    Saying "Oh, but you might get a BOOTSECTOR VIRUS!!" is the same argument as "If you don't accept all of these insidious anti-dissident laws then you will all die in a TERROR ATTACK!!"

    There are worse things that malware can do than install spyware/trojans into the bootsector, frankly, and accepting exactly the same thing at an even lower level from a bunch of corporate neo-feudalists in bed with state spy agencies hardly fixes the problem!

    1. Charles 9

      Re: "Security of Everyone" - WTF?

      "There are worse things that malware can do than install spyware/trojans into the bootsector, frankly..."

      Like WHAT? The bootsector basically comes third in line after BIOS/EFI (basically State territory there; you're essentially screwed if it's in there) and the MBR (essentially the primary boot sector).

      Getting malware into the bootsector essentially executes a pre-emptive attack. It gets the malware ahead of just about any software security measure you can throw at it, making it a useful attack against 64-bit OS's that have a higher degree of code signing. What can be worse than getting ahead of even the kernel?

      1. cyberdemon Silver badge
        Terminator

        Re: "Security of Everyone" - WTF?

        Like encrypting all your files, plus all your backups if they're in an accessible disk or network drive, and then demanding bitcoins.

        That's so lucrative for malware writers that full blown rootkits are a waste of time. Unless you are the NSA or Mossad in which case you could just phone up Intel or Google.

        With technologies like IME, embedded in all new Intel chips, your OS is basically running inside of a VM anyway. You are already rooted before you even install an OS.

        1. Charles 9

          Re: "Security of Everyone" - WTF?

          "Like encrypting all your files, plus all your backups if they're in an accessible disk or network drive, and then demanding bitcoins."

          Nuke from orbit and then restore from an OFFLINE backup. Is it really that hard?

          Some boot/EFI malwares, however, can SURVIVE a nuking.

  33. zen1

    face palm..

    Microsoft: The Hillary Clinton of the IT industry...

  34. AdamWill

    The real skinny

    If you'd like an accurate technical write up of *exactly* what happened here, don't read this article, read this one:

    https://mjg59.dreamwidth.org/44223.html

  35. JoeChiffers

    Only a matter of time

    I guess it was only a matter of time before this came out.
