So much for Secure Boot.
Secure Boot 2.0 will be out soon. It will be the last Secure Boot that you will ever need. It will render your machine unbootable so it will secure by default.
BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled. Secure Boot is supposed to prevent devices from running unauthorized software on Microsoft machines. But by …
This is really a stack of problems stretching across the motherboard and firmware, UEFI boot process and operating systems.
Many Linux systems bypass this process entirely, and avoid it by being totally insecure at boot time, or only partially support the secure boot chain, leaving gaping holes in the security model. There is some work to close these holes, but the affected Lenovo laptops mentioned in the article would still be a problem, as the entire chain from hardware startup to handover to a signed OS session needs to be secure. It can fail at many levels, and needs a secure handoff from systems built by one company to ones built by others. As a result I expect this is going to be an ongoing problem for the foreseeable future, as the cat and mouse game of discovering and patching flaws continues.
Other than against WSL users, this type of rootkit wouldn't be able to load its Windows-specific last-stage payload under a Linux system, but the system is still compromised at a low level and all it would take is a reboot into a Windows session to wake the malware back up.
Linux already had this problem a few years back, when a vulnerability was discovered in grub (CVE-2020-10713).
In that case, the vulnerability was fixed by August 2020, but the UEFI revocation list wasn't updated until at least October that year. Unless you've used fwupdmgr to update your UEFI since then, your system will still be vulnerable to an attack leveraging the old version of grub. (As well as this new malware I guess).
If the TLAs want into your box, they already can get there via the Intel Management Engine (Intel) or via the Platform Security Processor (AMD). Or via CPU microcode loading (which supposedly is secure, with only Intel/AMD knowing how it's done and what the signatures should be).
(Icon for computer-raiders ...)
So the solution is already known, but nobody's working on it?
I would have thought that adding a new entry to a list is something that wouldn't take days, let alone weeks, to get done.
I'm going to have to seriously rethink my project time estimates. Modify the input form? That'll be six months, sir.
Adding the entry is probably not a problem technically.
However it's quite possible that the decision not to add those legitimate but vulnerable binaries to the revocation list was taken because doing so has a potential to make a lot of devices that are not yet patched unusable. If that hits a big company they might even decide to have their lawyers check if the small print in the EULA or elsewhere really allows providers to force updates on you that make your device unusable for its primary purpose just to fix a hole in the secure boot process those companies might not care about.
Now that this is actively exploited the decision may change - are you sure nobody is working on it right now?
Even once the checksums of the vulnerable binaries have been added to the revocation list, that list still needs to be imported into the UEFI of each device.
Presumably Microsoft could make sure that the dbx update wasn't applied until after the bootloader had been updated, in the same way that fwupdmgr on Linux checks before it applies a dbx update that it's not using binaries that are about to be blocked.
I guess you could run into a problem if you update your 'BIOS'* and that updates the revocation list, before you've upgraded your OS.
* Technically it's a UEFI, not a BIOS, any more, but I keep using the old name.
Technically it's the fuck up we all knew would happen at some point. Microsoft doing its best to try to stop people loading Linux onto a machine that is only supposed (according to Microsoft) to run their virus (sorry, OS). So now we have an incredibly complex piece of software that replaces the relatively simple BIOS; something so complex its attack vector has been breached.
I always thought with security less is more -- that you reduce the space someone could infect a machine. But Microsoft were more concerned about stopping people removing their OS and putting Linux on (ok, I concede many versions now use systemd, another complex piece of crap that makes it difficult to know if it's been compromised; bring back the SVR3 startup scripts!).
Well done Microsoft.
Secure boot alone, and not monitoring at the application layer with dedicated hardware, will never be a 100% solution. Securing a PC actually is possible these days, but it is not cheap and is hard to maintain. The tech has been in existence for about 10 years now.
So, secure boot, the way they have implemented it, is working as well as can be expected...
>PC BIOS ROM was replaced by something that could be in situ software updated (with no motherboard jumpers to be installed/removed), it was said this was a security risk…
The same was said for processor microcode. But nobody listened then either.
And the keys were hacked.
And Intel continues moronically on in its parallel universe, where speed is all that counts.
There'll be an embedded controller with a dedicated kernel. (See 'firmware version' on disk maintenance tools). And the kernel *should be* firmware, not writable externally.
Then there'll be configuration type flash, writable by the host in some way.
As for malware attacking a disk: if the host is pwned, and there's a weakness at the host <-> disk interface, anything's possible. Where the disk sits within the overall PC security model, or even if that's a thing, I have no idea.
Couldn't be that the MS people actually believe they make bulletproof software, thus preventing them from improving anything and eliminating this threat also?
We have all seen management like this. They won't allow improvement since they only approve perfection. No changes necessary, ever.
To be fair, whilst the vector for this is Windows, the flaw that is being exploited is in UEFI, and Microsoft are only one twelfth of the UEFI Forum board, so they can't really be assigned all the blame. In this case, the likes of Apple, Dell, and HP are all equally culpable.
Have I mentioned this before?
Perhaps I was commenting on E2EE (you know....Signal, Telegram and so on...)....
But now Windows 11 as well.............
Of course, the M$ demand for a Microsoft online account BEFORE one can run a new Win11 install.....of course, nothing to do with this report!
More to come, I'm sure............
FWIW I installed a brand new Win 11 machine 2 months ago and was able to do so without creating a personal Microsoft account. It took a lot of googling to find there is a very small link hidden away to let you configure against a traditional domain, which then lets you get an old fashioned install and to be fair it then worked as perfectly as you'd expect for a Windows laptop.
Second day on the job and I then had to join the Azure AD domain and all the goodness of M365 et al...
How much longer this will be allowed is another question - they seem hellbent on creating a master directory of the human race and controlling everything you see and do.
I have a Win 11 install on my home PC (I still use the Win 10 one though). IIRC, whilst it tried to poke them fairly thoroughly into your face, there is no need to sign up for any Microsoft account to install and run it, it just "warns" you that some "features" are unavailable if you do so. Good, they are almost certainly "features" I don't want, such as "personalised advertising," also known as tracking.
Of course, I'm not naïve enough to think there won't be any tracking without those turned on, but also I don't need or want unnecessary crud on my computer which is mostly used for gaming, web browsing and email, and the odd bit of development when I feel like I've not been punished enough for doing that for a living.
ROMs are great. They are read only memory. Nothing can be written to them. Calling something a TPM and 'secure' boot with a chip that can be overwritten by third party code is by definition never trusted nor secure.
Now sure, one could argue that with a ROM, it would be difficult to update the systems if a bug is found in such a device that can't be updated without replacing said ROM.
But it's obvious that a ROM is far more worthy of being called secure and trusted than a modern day BIOS. They are hardly 'secure' or trusted.
And as for the issue with insecure ROM chips, just make a trap door on the laptop with a module so that one can replace the ROM chip itself.
Under no circumstances can you call ANYTHING secure or trusted that I, or anyone else, can write our own code to.
It's no more secure than the boot sector on a floppy.
You can have convenience, or you can have security. But never both at the same time.
Gotta say +1 for shooting your own argument down - software and firmware have to be assumed to have bugs, so if they can't be updated then it's only a matter of time before they become known insecure instead of merely presumed insecure / not proven secure.
But yes, a physical enable/disable update that actually makes a difference (SD-Cards anyone?) should be mandatory. Sorry, you don't get a +2
If someone can pop out the BIOS-on-ROM chip and replace it with another one, you have exactly the same security problem, just one that requires physical access. The idea of things like Secure Boot and BitLocker on a laptop is that if the device is stolen, nobody can break into it and get the contents, which are possibly more valuable. If you provide a way to subvert this (or I should say, another way) then this isn't helping matters.
It used to be that you could only update the BIOS via a flashing utility, built into the BIOS boot options. At least that was reasonably secure in that you had to be able to get into the BIOS settings to do it. Now, you can update the UEFI settings from an app in Windows, which anyone can run on an unlocked PC if it's logged in as a user with the required admin permission.
Is there a way to load an OS from a rom chip these days? Something you can only physically change?
If it gets corrupted by malware, just yank the chip out and replace it with a clean one. Then, with all storage devices cut off, flip a physical DIP switch on the motherboard to read-only and then tell it to wipe all storage boot sectors it finds or load cleaning tools.
Something that can't be tampered with electronically, and then flips the switch back to accept a clean modern OS install bypass, then it can be locked again to read-only for that single OS checksum signature.
I don't know, having a read-only onboard OS with a DIP switch seems like a good idea. You could even load a second BIOS with the solid read-only OS onboard.
I think some vintage machines had DOS onboard once upon a time, but if it worked like this somebody would have made it at this point.
First of all, if it is truly Read-Only Memory, it can't be infected once it's burned.
If you're talking about Electrically-Erasable Read-Only Memory -- which obviously is a contradiction in terms, but people misname things as they will -- there were (and perhaps still are) motherboards which required a jumper or a DIP switch change before the BIOS EEPROM could be flashed. To do this in turn requires physical access.
The problem is it is not just the motherboard BIOS EEPROM which needs to be secured. It's also securing:
* the EEPROMs for the computers in the hard drives/SSDs;
* the EEPROMs for the computers in the Ethernet interfaces;
* the EEPROMs for the computer in the keyboard;
* the EEPROMs for the computers in the flat-panel displays;
* the EEPROMs for the computers in the WiFi interface;
* the EEPROMs for the computers in the USB hubs inside your computer ... and probably some more I didn't think of.
I certainly knew this was coming. Only a matter of time. The only surprise is that it took so long. I knew it would take the miscreants a nano-second to bypass all the Windows 11 roadblocks and make all those new PC buyers feel like fools. I'm sure MS knew it too. But it was too good an opportunity to give them and their PC mfg partners a big boost in sales, and a chance to re-engineer Windows with all sorts of data-collection capability to sell. There is now NO benefit to move to 11. It is nothing more than Windows 10 with more sensors and collectors and transmitters. When support for 10 goes away, I'm going away too. Either Linux Mint or Zorin OS. What I'm seeing so far in my sandbox is sparkling. And NONE of this "This PC doesn't meet the minimum requirements..." BS.
UEFI updates were somewhat forthcoming with SPECTRE/microcode but it seems some vendors are a little more "relaxed" about this again. How do you know if your UEFI is vulnerable?
Plus, when you DM the vendor support and they say "why do you need this update?" and you have to point them continually at CVEs, you do wonder about the definition of 'support'....
I guess there is no way of making use of the UEFI Revocation list binary unless you have the correct firmware tools?
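The dbx revocation list discussed earlier in the thread (the list fwupdmgr checks before applying an update, and the "UEFI Revocation list binary" asked about just above) is a plain concatenation of EFI_SIGNATURE_LIST structures, so it can be inspected without vendor firmware tools. The following is an added example, not code from the article or from any commenter: it parses that format, extracts the SHA-256 entries, and answers "is this hash revoked?" for a given value. The sample dbx and its owner GUID are constructed for the example; real entries of type EFI_CERT_SHA256 hold the PE Authenticode hash of a boot binary, not a plain hash of the file, so a real check must feed the Authenticode hash (as produced by tools such as pesign or sbverify) into `is_revoked`.

```python
import hashlib
import struct
import uuid
from typing import Dict, List, Set

# Signature-type GUIDs from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# EFI_SIGNATURE_LIST header: SignatureType (GUID, 16 bytes) followed by
# SignatureListSize, SignatureHeaderSize and SignatureSize as little-endian UINT32.
HEADER_SIZE = 16 + 12


def parse_signature_lists(blob: bytes) -> List[Dict]:
    """Walk every EFI_SIGNATURE_LIST in blob and return the entries of each.

    Each EFI_SIGNATURE_DATA entry is a 16-byte SignatureOwner GUID followed by
    SignatureSize - 16 bytes of SignatureData (a SHA-256 digest or a DER cert).
    """
    lists = []
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER_SIZE:
            raise ValueError(f"truncated EFI_SIGNATURE_LIST header at offset {off}")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        end = off + list_size
        if list_size < HEADER_SIZE + hdr_size or end > len(blob):
            raise ValueError(f"bad SignatureListSize {list_size} at offset {off}")
        if sig_size < 16:
            raise ValueError(f"SignatureSize {sig_size} smaller than the owner GUID")
        entries = []
        pos = off + HEADER_SIZE + hdr_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append({"owner": str(owner), "data": blob[pos + 16:pos + sig_size]})
            pos += sig_size
        lists.append({"type": str(sig_type), "entries": entries})
        off = end
    return lists


def revoked_sha256_hashes(blob: bytes) -> Set[str]:
    """Hex digests of every EFI_CERT_SHA256 entry (the binaries dbx blocks)."""
    return {
        entry["data"].hex()
        for sl in parse_signature_lists(blob)
        if sl["type"] == str(EFI_CERT_SHA256_GUID)
        for entry in sl["entries"]
    }


def is_revoked(authenticode_sha256_hex: str, blob: bytes) -> bool:
    """True if the given PE Authenticode SHA-256 appears in the dbx blob."""
    return authenticode_sha256_hex.lower() in revoked_sha256_hashes(blob)


def read_efivar(path: str) -> bytes:
    """Read a variable from efivarfs, e.g.
    /sys/firmware/efi/efivars/dbx-d719b2cb-3d3e-4596-a3bc-dad00e67656f.
    efivarfs prefixes the data with 4 bytes of variable attributes."""
    with open(path, "rb") as f:
        return f.read()[4:]


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, datas: List[bytes]) -> bytes:
    """Encode one EFI_SIGNATURE_LIST; all entries in a list share one size."""
    sig_size = 16 + len(datas[0])
    if any(len(d) != len(datas[0]) for d in datas):
        raise ValueError("all entries in one EFI_SIGNATURE_LIST must have equal size")
    list_size = HEADER_SIZE + sig_size * len(datas)
    out = sig_type.bytes_le + struct.pack("<III", list_size, 0, sig_size)
    for d in datas:
        out += owner.bytes_le + d
    return out


# Constructed sample: a dbx with two revoked SHA-256 hashes and one X.509 entry.
SAMPLE_OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")  # constructed
REVOKED_A = hashlib.sha256(b"constructed-vulnerable-loader-A").digest()
REVOKED_B = hashlib.sha256(b"constructed-vulnerable-loader-B").digest()
SAMPLE_DBX = (
    build_signature_list(EFI_CERT_SHA256_GUID, SAMPLE_OWNER, [REVOKED_A, REVOKED_B])
    + build_signature_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, [b"constructed-DER-certificate"])
)


if __name__ == "__main__":
    for sl in parse_signature_lists(SAMPLE_DBX):
        print(sl["type"], len(sl["entries"]), "entries")
    print("revoked A:", is_revoked(REVOKED_A.hex(), SAMPLE_DBX))
    print("unknown  :", is_revoked(hashlib.sha256(b"patched-loader").hexdigest(), SAMPLE_DBX))
```

On a Linux machine with Secure Boot enabled, `read_efivar` on the dbx path above gives the list the firmware currently enforces, and the same parser works on a downloaded DBX update file; comparing the two shows whether the update has actually been imported, which is the gap between "Microsoft published the list" and "your device applies it" that the thread describes.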