
Windows 8 Secure Boot Feature: Not So Secure?

#26
Thanks for the post, qubit, interesting development. That's the first thing I thought when I first heard of the Windows 8 Secure Boot feature: it will be cracked. Haha
 
#27
I honestly have no idea why UEFI's Secure Boot is being brought up here.

"The researcher claims that the real issue exists in legacy boot procedures, not in the Redmond company's new feature." debunks this whole 'article', and the Softpedia headline is sensational, driven by speculation.
 
#28
Surprise surprise. Seems like Windows 8 might be another Vista.
 

newtekie1

#30
I would appreciate your list of other OS's implementing this feature. Thanks.
  • Linux
  • Linux
  • Linux
  • Linux
  • Oh and OSX

Here is a statement from a kernel developer at Red Hat:

We don't really support secure boot right now, but that's ok because you can't buy any hardware that supports it yet. Adding support is probably about a week's worth of effort at most.
This exploits the legacy BIOS. Not UEFI and has nothing to do with the Windows 8 support of UEFI Secure Boot.
I'm not sure this exploits the legacy BIOS but rather it exploits the legacy boot method on MBR drives, injecting a signed key before the OS boots, which you are correct in that it has nothing to do with Windows 8. And the simplest fix would just be to require boot drives use GPT when Secure Boot is enabled in UEFI.
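
The GPT-only suggestion in the post above can be checked from the first two sectors of a disk. The following is an added example, not part of the original post: the function names are hypothetical, the sample images are constructed, and 512-byte logical sectors are assumed.

```python
"""Classify a disk's partition scheme from its first two sectors (added example)."""

SECTOR = 512  # assumption: 512-byte logical sectors (4Kn disks put the GPT header at 4096)

def classify_boot_disk(image: bytes) -> dict:
    """Return the partition scheme and whether the MBR boot-code area is populated."""
    if len(image) < SECTOR or image[510:512] != b"\x55\xaa":
        return {"scheme": "unknown", "mbr_boot_code": False, "legacy_types": []}
    # Four 16-byte partition entries start at offset 446; the type byte is at +4.
    types = [image[446 + 16 * i + 4] for i in range(4)]
    legacy = [t for t in types if t not in (0x00, 0xEE)]
    # GPT needs both the 0xEE protective entry and the "EFI PART" header at LBA 1.
    has_gpt = 0xEE in types and image[SECTOR:SECTOR + 8] == b"EFI PART"
    if has_gpt:
        scheme = "hybrid" if legacy else "gpt"
    else:
        scheme = "mbr"
    # Bytes 0..439 hold legacy boot code; a pure GPT data disk usually leaves them zero.
    return {"scheme": scheme, "mbr_boot_code": any(image[:440]), "legacy_types": legacy}

def violates_policy(report: dict, secure_boot_enabled: bool) -> bool:
    """Policy from the post: with Secure Boot on, the boot drive must be pure GPT."""
    return secure_boot_enabled and report["scheme"] != "gpt"

def _make_image(part_types, gpt=False, boot_code=False) -> bytes:
    """Build a constructed two-sector test image (not a real disk)."""
    mbr = bytearray(SECTOR)
    if boot_code:
        mbr[0:2] = b"\xeb\x3c"  # constructed placeholder bytes, not working boot code
    for i, ptype in enumerate(part_types):
        mbr[446 + 16 * i + 4] = ptype
    mbr[510:512] = b"\x55\xaa"
    lba1 = bytearray(SECTOR)
    if gpt:
        lba1[0:8] = b"EFI PART"
    return bytes(mbr + lba1)

if __name__ == "__main__":
    samples = {
        "gpt": _make_image([0xEE], gpt=True),
        "legacy mbr": _make_image([0x07], boot_code=True),
        "hybrid": _make_image([0xEE, 0x07], gpt=True, boot_code=True),
    }
    for name, img in samples.items():
        report = classify_boot_disk(img)
        print(name, report, "violation:", violates_policy(report, True))
```

On a real system the same function can be fed the first 1024 bytes read from the boot device; populated boot code on a disk reported as `gpt` is worth a second look, although BIOS-mode boot loaders on GPT disks also place code there.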
 
#31
  • Linux
  • Linux
  • Linux
  • Linux
  • Oh and OSX

Here is a statement from a kernel developer at Red Hat:





I'm not sure this exploits the legacy BIOS but rather it exploits the legacy boot method on MBR drives, injecting a signed key before the OS boots, which you are correct in that it has nothing to do with Windows 8. And the simplest fix would just be to require boot drives use GPT when Secure Boot is enabled in UEFI.
So Linux is switching to secure boot also? Or they have to because of UEFI?
 

newtekie1

#32
So Linux is switching to secure boot also? Or they have to because of UEFI?
They don't have to, as Secure Boot is supposed to have the option to be disabled in the UEFI interface. Most of the free distros probably won't see Secure Boot support. However, enterprise-supported versions of Linux, such as Red Hat and the others that see heavy use in the enterprise world, will be using Secure Boot for sure.
 
#33
I must give him the benefit of the doubt since he seems to be hating on the entire IT industry, not just the two or three companies.
:laugh: well, at least you can't say he's biased!
 

qubit

#34
Calm down people, everyone is wrong, especially me.

While qubit might be bringing a Charlie Demerjian vibe to TPU, I must give him the benefit of the doubt since he seems to be hating on the entire IT industry, not just the two or three companies. The "Secure Boot" feature seems to be misunderstood as we don't all know exactly what it is.

We browsed the "reports" (not just the TPU versions) and since all of them are heavily biased they try to make Windows 8 (and Microsoft) the bad guy here. It wouldn't be news if it wasn't about a new, shiny (unreleased) product.

The attack described in this article seems to not be geared towards Windows 8, to be fair. Since the attack patches the MBR and then uses an inherent OS problem to obtain elevated rights, it looks like Vista, Windows 7, Windows Server 2008 (R1/R2) and possibly others that support UEFI (or any hybrid UEFI version) can be attacked in the exact same way, and I don't see now how it is related to UEFI or the secure boot feature.

To me this looks to be nothing more than a puny OS vulnerability (like hundreds before it and hundreds after it) made to look like UEFI/Microsoft are the bad guys here. It will get patched, before or after the OS ships. Even more, it is a vulnerability that first attacks the legacy part of the OS, and I thought that UEFI is the step away from legacy.

So it looks to me like UEFI and Microsoft should make the secure boot feature even more closed and draconic in nature in order to protect their customers. And in this way the reports are contradicting in nature, since half of them complain about the feature locking out Linux and other fluffy things like that while the other half complain about it letting in governments and other not-so-fluffy things.

I remember the same reaction when Microsoft introduced the driver signature enforcement in Vista, everyone automatically switched to panic mode, but in the end all was good.

Like then, everyone is now overreacting, trying desperately for their 15 minutes in the spotlight, and in a way, "Windoze 8 is the D3vil" articles will bring in many visitors to any site, visitors that will translate into ad revenue.
Great post. :toast:

But sheesh, I didn't think I hated the whole IT industry? :eek: :)

The vulnerability isn't in the OS itself. From the looks of it, the UEFI still contains legacy BIOS code that's causing the problem, as the MBR isn't checked. Once that code is updated, this vulnerability will be fixed. Therefore, it's fair to say that any OS, Linux etc at this point would be vulnerable to Stoned Lite.

Hopefully you're right about all this being an overreaction. Only time will tell for sure, but in the meantime, the previous stories I linked to explain why it's a potential problem and people shouldn't be complacent about it.

Secure boot also sounds like it will make security software redundant, doesn't it? I suspect that it won't in practice, though.
 
#35
I really hope this is true, as I don't want to have to give up Linux.
 

newtekie1

#36
I really hope this is true, as I don't want to have to give up Linux.
You won't have to anyway; Secure Boot can be disabled by the user in UEFI. That is in the spec for Secure Boot. However, the option isn't required, so we will probably see some OEM machines that have that option missing from UEFI. So just build your own machines and you won't have that problem. :)