Hello:
Great way to start the week:
From this morning's The Register ...
Secure Boot useless on hundreds of PCs from major vendors after key leak
Plus: More stalkerware exposure; a $16M TracFone fine; Ransomware victims don't use MFA, and more
Snippets from the article:
... research published last week by security boffins at firmware security vendor Binarly.
... found hundreds of PCs sold by Dell, Acer, Fujitsu, Gigabyte, HP, Lenovo and Supermicro – and components sold by Intel – using what appears to be a 12-year-old test platform key (PK) leaked in 2022 ...
"An attacker with access to the private part of the PK can easily bypass Secure Boot by manipulating the Key Exchange Key database, the Signature Database, and the Forbidden Signature Database," Binarly's boffins wrote.
... not like the manufacturers using the offending PK didn't have reason to know it was untrusted ...
It said so right on the package.
Very interesting how secure the boot ended up being.
Best,
A.
Edit:
Just noticed another previous post here about this problem.
No matter: 50+ years later, Arte Johnson can still make me laugh out loud with his routines.
Much needed these days.
Last edited by Altoid (2024-07-29 10:20:54)
Offline
IMNSHO, the fundamental issue with Secure Boot is that it's solving the wrong problem. As I said before, what's the point of Secure Boot if the OS it's going to boot into is insecure? It's the equivalent of ordering Diet Coke to appease your conscience alongside the 16oz juicy steak you're eating.
The first order of business is to fix the lousy OS, then you could meaningfully talk about booting securely.
Before then, the only thing that you could possibly achieve is merely a half-assed non-solution to the wrong problem. Which about summarizes the past 3 decades of Windows history.
Online
a half-assed non-solution to the wrong problem
Are you talking about pulseaudio?
Offline
@igorzwx
ahaha yeah, often it just ends up causing more headaches (much like other Poettering projects, IMO).
Personally, I just find it tricky to set up and too buggy in practice. It feels like a temporary fix rather than a real solution... still waiting for something that actually works smoothly :P
Last edited by lynch9 (2024-07-30 13:03:56)
Hey, it's lynchian9.
Feel free to reach out via email.
Offline
Good laptops allow uploading your own key. In theory it allows using the TPM to decrypt volumes, so that it doesn't ask for a password on boot. But you need to trust the laptop's BIOS (I wouldn't), and this is susceptible to cold boot attacks.
Apart from being compromised, the default PKE needs to be used with a boot loader called “shim”, and it has had vulnerabilities too.
Offline
Why on earth does shim have to answer HTTP requests?
I thought that shim is supposed to be just a bootloader.
O tempora o mores...
Last edited by nahkhiirmees (2024-08-18 20:52:48)
Offline
Http is like the "standard" for everything these days. Everyone and his neighbour's dog can't live without http. You can't do anything with any device without http, even if it's just to boot locally without a network connection (hint: it won't work). The day will come when you can't even go to the washroom without http. Just wait until the hackers hack into a zero day vulnerability in your toilet seat cover.
It's absolutely ridiculous, yet nobody's doing anything about it!
Online
Slashdot has a story about yet another SNAFU with secure boot. MS attempting to fix a Wind'ohs vulnerability has broken GRUB and people with dual boot systems cannot boot.
Last edited by Micronaut (2024-08-21 02:56:21)
Offline
Some Microsoft Windows users having problems with a recent update:
Be Excellent to each other and Party On!
https://www.youtube.com/watch?v=rph_1DODXDU
https://en.wikipedia.org/wiki/Bill_%26_Ted%27s_Excellent_Adventure
Do unto others as you would have them do instantaneously back to you!
Offline
While pointed out in another forum thread, the suggested reading is definitely informative and shareable.
https://dev1galaxy.org/viewtopic.php?pid=51773#p51773
Here is a direct link to the suggested reading (in case the original post changes):
Offline
Secure boot is bad, because there is a network stack underneath the operating system running like almost always*
*unless you disable parts of Intel ME and coreboot the system.
Whose idea was it to put a network stack underneath the OS?
That only made problems for everyone, Linux users included.
Freedom is never more than one generation away from extinction. Feelings are not facts
If you wish to be humbled, try to exalt yourself long term If you wish to be exalted, try to humble yourself long term
Favourite operating systems: Hyperbola Devuan OpenBSD
Peace Be With us All!
Offline