Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Dual Boot Not Trusted, Rejected By Vista SP1

Posted by timothy on Wed Jul 30, 2008 03:28 PM
from the that's-south-of-luckless dept.
Bug Microsoft Operating Systems Software Windows
Alsee writes "Welcome to our first real taste of Trusted Computing: With Vista Enterprise and Vista Ultimate, Service Pack 1 refuses to install on dual boot systems. Trusted Computing is one of the many things that got cut from Vista, but traces of it remain in BitLocker, and that is the problem. The Service Pack patch to your system will invalidate your Trust chain if you are not running the Microsoft-approved Microsoft-trusted boot loader, or if you make other similar unapproved modifications to your system. The Trust chip (the TPM) will then refuse to give you your key to unlock your own hard drive. If you are not running BitLocker then a workaround is available: Switch back to Microsoft's Vista-only boot mode, install the Service Pack, then reapply your dual boot loader. If you are running BitLocker, or if Microsoft resumes implementing Trusted Computing, then you are S.O.L."
+ -
story

Related Stories

Submission: Dual Boot Not Trusted, Rejected by Vista SP1 by Alsee (515537)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Dual Boot Not Trusted, Rejected By Vista SP1 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • But what if... (Score:5, Interesting)

    by ivan256 (17499) on Wednesday July 30 2008, @03:30PM (#24407911)

    What happens on systems without a TPM?

  • Vista and Mac OS? (Score:5, Interesting)

    by TheMidnight (1055796) on Wednesday July 30 2008, @03:36PM (#24408013) Homepage

    Has anyone tried this with Boot Camp? I had no problems with Mac OS X and FileVault dual-booting with either XP SP2 or Vista base.

    • Re:Vista and Mac OS? (Score:5, Informative)

      by Sentry21 (8183) on Wednesday July 30 2008, @04:22PM (#24408711) Journal

      Intel Macs use EFI instead of a BIOS, and EFI uses GUID Partition Tables (GPT) instead of MBR.

      The space that the MBR used to sit in is reserved in GPT, so when a legacy system reads, uses, or modifies the partition table, it only changes the old MBR partition table, which is not actually used to boot. In contrast, Boot Camp's dual-boot features only use the GPT, which means that as far as Vista knows, it IS the only boot loader involved.

  • Whew (Score:5, Funny)

    by neoform (551705) <djneoform@gmail.com> on Wednesday July 30 2008, @03:38PM (#24408055) Homepage

    Good thing I'm running Mojave and not Vista.

  • It has a bootloader update. (Score:5, Insightful)

    by Timothy Brownawell (627747) <tbrownaw@prjek.net> on Wednesday July 30 2008, @03:39PM (#24408063) Journal

    "However, it's actually a very good thing that the update and the servicing fail in this scenario, because you can just imagine the implications if the update automatically reinstalled the Vista MBR to restore boot integrity - we'd be flooded with complaints."

    So... yeah. Anyone technical enough to change their bootloader should know how to put it back temporarily so it can get updated.

    If you are running BitLocker, or if Microsoft resumes implementing Trusted Computing, then you are S.O.L.

    I thought that was the entire point of BitLocker - don't unlock things unless you know that you're not running on top of some evil VM.

  • Not trusted for a reason (Score:5, Interesting)

    by naoursla (99850) on Wednesday July 30 2008, @03:41PM (#24408095) Homepage Journal

    If you are using BitLocker then you want your data to be secure. There are probably ways that a compromised boot loader can allow an attacker access to your data. Vista closes this security hole by requiring the boot loader to be a cryptographically signed binary that it trusts. If it didn't, this story would instead be "Vista BitLocker encryption not secure on dual boot systems".

    That being said, there should be a way to register other trusted signature keys in Vista to allow 3rd party boot loaders. I don't know if there is or not, but there should be.

    • Re:Not trusted for a reason (Score:5, Insightful)

      by Anonymous Coward on Wednesday July 30 2008, @03:55PM (#24408297)

      That's great...

      Except for the fact that it happens on any system that CAN run BitLocker, rather than any system ACTUALLY running BitLocker.

      So if you're trying to dual-boot between Linux and Vista Business/Ultimate and you have a TPM-capable machine, forget it: you're locked out until you restore the Vista bootloader.

      Even if you're not using BitLocker.
      Even if you've never even installed BitLocker.

    • Re:Not trusted for a reason (Score:5, Insightful)

      by Applekid (993327) on Wednesday July 30 2008, @04:06PM (#24408477)

      That being said, there should be a way to register other trusted signature keys in Vista to allow 3rd party boot loaders. I don't know if there is or not, but there should be.

      That's exactly what's wrong with the Trusted Computing initiative that the major players (Microsoft, Intel, etc) are implementing: they don't trust YOU to make those kinds of decisions to trust 3rd parties.

      http://www.againsttcpa.com/ [againsttcpa.com]

      • Re:Not trusted for a reason (Score:5, Informative)

        by Anonymous Coward on Wednesday July 30 2008, @05:22PM (#24409539)

        No, they do. I think a lot of people here misunderstand what TPM is meant to actually do and what it's supposed to be good for; and what it is useless for. (Frankly, I'm not sure Microsoft fully understood.)

        It's because the MBR has *changed* that means the chain isn't signed with something that will allow the system state register to authenticate with the TPM key storage; the register contents will have changed because the SHA-1 fingerprints changed, so you're not going to be able to get a coherent response from the TPM regarding any keys you've stored in it if you've taken ownership already. Without resetting the token and destroying the keys, that is.

        You want another way of doing this? Don't take ownership of the TPM to store the keys, but put 'em on a thumbdrive and use a secure passphrase (10 word Diceware, for example) to unlock them; this is also a supported mode of operation under BitLocker (assuming you trust the Elephant diffuser as being part of a reasonable cipher mode; frankly, I'm not that happy with it and prefer OCB or XTS modes, or failing that Linux's aes-cbc-essiv:sha256)... doing it the "thumbdrive way" is highly recommended when a TPM isn't available or wanted. Putting the hard disk encryption keys in the TPM isn't necessarily a good idea; they are recoverable given some effort, and that's not really what the TPM tech is for.

        This is all entirely by design; it's closing an actual security hole whereby a trojaned MBR could capture your encryption keys. Obviously this is unsuitable for any dual-booting setup. TPM just isn't designed to work with that kind of scenario; it's really more of a system for verifying extremely stable system images such as you might find on a server or tightly-controlled corporate workstation that you want to be able to have a reasonable degree of confidence hasn't had the MBR tampered with because it's a trusted client that handles classified data (and any tampering with the software whatsoever would decertify it).

        You control the chain of trust when you take ownership of the TPM; they do work just fine with Linux, and Linux does have support for them - if you want to know and prove to another system that the bootloader, BIOS, and kernel haven't changed since the state you knew was good, you can do that (although the proof is only as good as the integrity of the TPM).

        They're just hardware tokens coupled with a signed BIOS/bootloader/kernel, really. Handling the actual key management that results from that, or what you do with it, is entirely up to you.

        Vista using the TPM for BitLocker is hardly plug-and-play, and quite unsuitable for many scenarios (many TPMs out there don't even support TCG1.2); there's always TrueCrypt or PGP Whole Disk Encryption or one of the many other solutions available if you want a little more flexibility and control.

        In particular, it's not really about DRM. None of the DRM systems proposed or deployed have ever used it, or are likely to ever use any part of it, as a key storage blackbox, because an entirely homogeneous image just isn't something you can guarantee on any consumer box (that's one reason it's not even on or in the vast majority of OEM and consumer motherboards/chips). It's perhaps a bit more practical for laptops...

        Also, TPM implementations are quite breakable where the attacker has physical access and ownership of the machine and plenty of time. PCs aren't even consoles, and look what we've done to those...

        It's meant to be one interlocking part of a whole enterprise security solution. It sure as heck isn't a "magic crypto chip" that will lock up your PC, and it shares none of the common criteria with DRM scenarios (which are, of course, just as doomed if they use a hardware blackbox as if they use a software blackbox, because the plaintext is always available...). In fact, having a TPM around if you're running Linux, will at least make sure you always have a secure entropy source for /dev/random...

  • Summary Needs Re-writing (Score:5, Informative)

    by mpapet (761907) on Wednesday July 30 2008, @03:47PM (#24408181) Homepage

    This *may* be a corner case as most TPM's were shipped in the disabled state back when XP was still shipping.

    Instead, how about testing the open source BIOS stack? Most of you have an unused box of recent vintage and I'm sure the projects can use the feedback.

    FYI: An open sourced bios is an Achilles heel for Microsoft. Mobo OEM's will **jump** on a Free bios because it saves them money and elminating TPM saves them much more money.

    Get involved!!

    http://www.coreboot.org/Welcome_to_coreboot [coreboot.org]

    http://openbios.info/Welcome_to_OpenBIOS [openbios.info]

  • FDISK (Score:5, Funny)

    by c0d3r (156687) on Wednesday July 30 2008, @03:47PM (#24408183) Homepage

    c:\> FDISK /MBR
    Out of Memory
    c:\> format c:
    Out of Disk Space
    c:\> edlin config.sys
    File not found
    c:\> set PROMPT=$
    $ mke2fs /dev/hda1

  • How is this news? (Score:5, Insightful)

    by vux984 (928602) on Wednesday July 30 2008, @03:51PM (#24408245)

    Vista's security chain works as designed and intended, preventing from you to inject an untrusted bootloader into the bootstrap. Isn't that what we -want- from our security systems? This isnt' a case of "Microsoft" holding our data hostage, this is a case of our own security policies WORKING.

    If I were to be running Linux, with equivalent protection, I'd be right pissed if it could be trivially rootkitted/bypassed by swapping in a malicious bootloader.

    The ONLY flaw I see in the entire Vista/TPM system is that users don't seem to have a way of manually trusting things they genuinely want to trust. If it hasn't been blessed by MS its not trusted -- that's a fine policy for general users, but if I, as the hardware want to trust a specific bit of code (e.g. the linux boot loader) then I should be able to manually sign it somehow, and add my personal key to my personal install of Vista. And then the grub bootloader I signed will be trusted on my (and only my) PC.

    All the 'chatter on the internets' is currently centered around how to disable UAC, how to disable driver signing, how to go back to running windows as insecurely as possible. i would prefer to see the discussion take a more intelligent direction -- how to obtain keys/certificates, how to add them to Vista's chain of trust on a per PC or per domain basis, and how how sign code with them.

    Signed drivers are a FANTASTIC idea. not being able to sign drivers myself for my own hardware is EVIL. But MS --does-- have programs in place to let you sign code with 'development drivers' which are designed to only be valid on your PC... its just that most of the discussion surround the issue is how to disable it, and how evil MS for deciding what is blessed and what is not.

    I mean, take Stallman, even -he- who wrote the GPLv3 in part to counter DRM isn't against code signing. He just requires that the keys necessary to sign code be included, so the owner of the hardware and user of GPLv3 code can sign it, and thereby be free to make modifications and excercise all the freedoms intended by the gpl.

    • Re:How is this news? (Score:5, Insightful)

      by petermgreen (876956) <plugwash@@@p10link...net> on Wednesday July 30 2008, @04:13PM (#24408585) Homepage

      I mean, take Stallman, even -he- who wrote the GPLv3 in part to counter DRM isn't against code signing. He just requires that the keys necessary to sign code be included, so the owner of the hardware and user of GPLv3 code can sign it, and thereby be free to make modifications and excercise all the freedoms intended by the gpl.
      Right which is the antithesis of what "trusted computing" is all about. Trusted computing is all about allowing vendors like microsoft to trust the computer to work in thier partners interests rather than the users.

    • Re:How is this news? (Score:5, Insightful)

      by hayalci (807196) on Wednesday July 30 2008, @04:41PM (#24409007) Homepage

      Vista's security chain works as designed and intended, preventing from you to inject an untrusted bootloader into the bootstrap. Isn't that what we -want- from our security systems? This isnt' a case of "Microsoft" holding our data hostage, this is a case of our own security policies WORKING.

      If I were to be running Linux, with equivalent protection, I'd be right pissed if it could be trivially rootkitted/bypassed by swapping in a malicious bootloader.

      If the attacker can install a bootloader, that means you were rooted and your precious data can be grabbed from the memory of the program that happens to be using it.

      If the bootloader is installed while the OS is not running, that means you do not have adequate physical security.

  • It is by design... (Score:5, Insightful)

    by kosmosik (654958) <konrad@kosmosik. n e t> on Wednesday July 30 2008, @04:27PM (#24408809) Homepage

    This is by design. If you are into the secure boot stuff you'll know why.

    This is not about DRM and such (but may be) but about *your* data encrypted by BitLocker (the DRM is about protecting *somebody else's* data from you - that is why it is flawed concept).

    Right now there are some kinds of attacks that let you compromise the entire system right from boot (using other than approved bootloader and unsecure boot proces) puting it into hypervisor and thus being able to retrive keys and such directly from memory.

    In fact I don't see any other option as to control entire boot proces. And if you wish to control it you need to use tools that support it.

    So in fact it is not a Bad Thing. It could be a bad thing if you are casual-security user - but this 'casual security' is not so secure isn't it?

    I bet BitLocker documentation covers that. But why bother checking? It is better to set the "secure" option to "on" and dumbly belive it.

    • Re:You can use the Vista boot loader (Score:5, Insightful)

      by Foofoobar (318279) on Wednesday July 30 2008, @03:34PM (#24407991)
      Dual boot systems generally aren't a pain to setup (unless you load Windows second and it overwrites your boot sector). Dual boots are well documented and many people know to load Windows first and then load Linux second and replace the boot sector with LILO or GRUB so you can boot into your choice. It's only Windows that doesn't give choice (as per usual).

      • Re:You can use the Vista boot loader (Score:5, Funny)

        by damn_registrars (1103043) on Wednesday July 30 2008, @03:37PM (#24408037) Journal

        It's only Windows that doesn't give choice

        I have heard that is a feature that we pay extra for.

      • Re:You can use the Vista boot loader (Score:5, Interesting)

        by Alaren (682568) on Wednesday July 30 2008, @03:45PM (#24408149) Homepage

        Any idea whether this is a problem in dual hard drive systems? I found it simplest with Vista to unplug my Ubuntu hard drive, plug in my Vista hard drive, and install Vista as though it were the only operating system. Then I plug Unbuntu back in and add the chainloader line to Grub pointing to the Vista drive, which still has its own "boot sector" on the other drive.

        (This has the added bonus of allowing me to boot to the other OS should one of them fail--though one guess as to which one has that tendency d-_-b)

        Or have I misunderstood the problem? (a distinct possibility, I avoid "Trusted" computing wherever possible)

        • Re:You can use the Vista boot loader (Score:5, Interesting)

          by ashayh (636057) on Wednesday July 30 2008, @04:29PM (#24408857)
          Many desktop motherboards give the option of booting from specific hard drives. That's the option I use. I install the OS on a hard drive as if it were the only OS, then choose the hard drive while booting up. The downside is, I have to remember which of my 3 drives has which OS.

          • Re:You can use the Vista boot loader (Score:5, Insightful)

            by RpiMatty (834853) on Wednesday July 30 2008, @04:12PM (#24408569)

            Put windows on the first hard drive, then install linux on the second hard drive. Setup grub so it chainloads the windows boot record (for one of the options), and finally make your bios boot off the second hard drive.
            Then Windows is happy and ignorant of its true surroundings.
            Thats how my dualboot desktop at home is setup.

    • Linux under windows = untrusted too (Score:5, Insightful)

      by CarpetShark (865376) on Wednesday July 30 2008, @03:38PM (#24408047)

      It's possible to use the Vista bootloader to chainload GRUB

      In which case you can no longer trust linux.

    • Re:You can use the Vista boot loader (Score:5, Funny)

      by Anonymous Coward on Wednesday July 30 2008, @03:40PM (#24408087)

      I'm hoping some joker with the next viable vista virus uses it to trigger trusted computing into locking machines.
      Lets see vista's adoption rate when word gets out it bricks your entire system if you get a virus.

      • Re:You can use the Vista boot loader (Score:5, Informative)

        by oldspewey (1303305) on Wednesday July 30 2008, @04:12PM (#24408571)

        Just games? There are lots of people who run windows as their primary OS (because it's what they are used to after spending 15+ years on a MS platform, or maybe because there are apps they rely on that aren't available elsewhere), and they dual boot Linux because they want to be able to hack around, learn more, and generally have fun.

        Taking an interest in Linux does not automatically mean somebody will abandon Windows the next morning.

    • Re:Affects crack? (Score:5, Insightful)

      by Anonymous Coward on Wednesday July 30 2008, @04:23PM (#24408731)

      You know, I had to use that crack to get my copy of Vista reinstalled (all the partitions got wiped out, including the OEM one), because it refused to use my OEM key without the OEM partition, and simply wouldn't active. So, I had to crack my already-paid-for copy of Vista. Oh, sure, I could have gone and sent it back (to Acer, yeah right), or called Microsoft, but isn't it funny that I get a better "customer service experience" from cracked software?

      Posting anonymous for the above reasons.

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.