Researchers Demo Exploits Bypassing UEFI Secure Boot 100
itwbennett writes "Researchers demonstrated at Black Hat this week two attacks that bypassed Secure Boot in order to install a UEFI bootkit — boot rootkit — on affected computers. The first exploit works because certain vendors do not properly protect their firmware, allowing an attacker to modify the code responsible for enforcing Secure Boot, said researcher Yuriy Bulygin, who works at McAfee. The second exploit demonstrated by the researchers can run in user mode, which means that an attacker would only need to gain code execution rights on the system by exploiting a vulnerability in a regular application like Java, Adobe Flash, Microsoft Office or others. In both cases, the exploits are possible not because of vulnerabilities in Secure Boot itself, but because of UEFI implementation errors made by platform vendors."
Of course, a hardware security system that is too complex to verify seems like a fatal flaw.
Re:TPM is all you need. (Score:5, Interesting)
So far to me it looks like things are playing out exactly as
Required in Windows 8; forbidden in Windows RT (Score:5, Interesting)
A method of disabling Secure Boot is required by the spec and by Microsoft.
In Windows 8 (x86 and x86-64), it is required. In Windows RT, it is forbidden. And other comments to this topic speculate that Microsoft is likely to license Windows 10 like Windows RT in this respect.