Secure Boot bypass revealed - gHacks Tech News

Loading... HomeWindowsLinuxSoftwareFirefoxChromeInternetMobile ComputingCompaniesEmailMiscDeals

Secure Boot bypass revealed Secure Boot is a security standard that is part of UEFI designed to restrict what gets loaded during boot time of the device. Microsoft introduced the feature in Windows 8 back in 2011, and every client or server version of Windows supported it since then. Microsoft stated back then that it was up to the manufacturer of the device to ship it with controls to turn Secure Boot off. Without those controls, it is not possible to use load operating systems that are not explicitly allowed. In worst case, it would mean that only one particular flavor of Windows can be run on a device. This is for instance the case on Windows RT or Windows Phone devices. Secure Boot can be turned off on PCs and notebooks however, at least for the time being. Researchers discovered a way to manipulate Secure Boot on Windows devices, effectively rendering it useless.

Secure Boot uses policies which the Windows Boot Manager reads during boot. Not all policies get loaded though. Policies are usually linked to DeviceID, and the boot manager will only execute policies with a matching DeviceID. Microsoft did introduce supplemental policies which are not linked to DeviceID which in turn enables anyone to enable test signing. With test signing enabled, it is possible to load anything during boot. The “supplemental” policy does NOT contain a DeviceID. And, because they were meant to be merged into a base policy, they don’t contain any BCD rules either, which means that if they are loaded, you can enable testsigning. Not just for windows (to load unsigned driver, ie rootkit), but for the {bootmgr} element as well, which allows bootmgr to run what is effectively an unsigned .efi (ie bootkit)!!! (In practise, the .efi file must be signed, but it can be self-signed) You can see how this is very bad!! A backdoor, which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere! The effect here is that it unlocks Secure Boot on devices where the feature is locked. The method that the researchers discovered works on Windows devices with Secure Boot enabled, but only if Microsoft’s MS16-094 security patch is not installed; also, administrative rights are required. Microsoft tried to fix the issue with MS16-094 in July, and this month’s MS16-100 security bulletins. The first patch introduced blacklisting, the second an update that revoked some boot managers. The patches don’t resolve the issue completely though according to the researchers. You find additional information about the issue on this site. Please note that it plays an intro with music in the background. I suggest you use Ctrl-A, Ctrl-C to copy all content, and paste it in a text document as the music and background animation is quite distracting. Summary

Article Name Description

Secure Boot bypass revealed Researchers discovered a way to manipulate Secure Boot on Windows devices, effectively rendering it useless.

Author Publisher

Martin Brinkmann Ghacks Technology News


WE NEED YOUR HELP Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site. We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees. If you like our content, and would like to help, please consider making a contribution: DONATE VIA PAYPAL



Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular


contributions from freelance writers.





We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.



Secure Boot bypass revealed - gHacks Tech News HomeWindowsLinuxSoftwareFirefoxChromeInternetMobile ComputingCompaniesEmailMiscDeals Secure Boot bypass revealed Secure Boot is a security...

231KB Sizes 5 Downloads 23 Views

Recommend Documents

UEFI Secure Boot - The Hacker News
Aug 10, 2016 - Microsoft Accidentally Leaks Backdoor Golden Keys to Bypass Secure Boot Feature. ... it is impossible for

A uMatrix guide for Firefox - gHacks Tech News
Nov 28, 2017 - One thing is uMatrix shows exactly what type of resource and how many of these resources are being loaded

The Importance of Binary Numbers in Computing - gHacks Tech News
Aug 12, 2011 - Binary numbers consist of only two digits, 0 and 1. This seems very inefficient and simple for us humans

Disabling Secure Boot - NeoSmart Technologies
May 26, 2014 - On newer Windows 8 PCs using the UEFI or EFI boot standard, many PC manufacturers use a feature known as

Microsemi Secure Boot Reference Design White Paper
secure boot in the context of an example design. A typical networked embedded system usually contains a target processor

How to Disable Secure Boot in Windows 8 - Make Tech Easier
Feb 25, 2013 - As can be seen, the ability to disable the secure boot is determined by the hardware (mainly the BIOS). W

HP PCs - Secure Boot (Windows 8) | HP® Customer Support
Secure Boot in Windows 8 protects your computer against threats before they can attack or infect the computer. Use this

Alltop - Top Tech News
Alltop presents all the top stories from Tech websites. Think of Alltop as an online magazine rack.

Windows 8 Secure Boot: Calm down, Microsoft is simply copying
Jan 17, 2012 - This is in strong contrast to x86 Windows 8 PCs, which Microsoft has mandated must be able to run other o

'Golden keys' that unlock Windows' Secure Boot protection discovered
Aug 11, 2016 - Windows devices have a new threat thanks to a Secure Boot policy that leaked online.