This article notes that "nobody actually enforces these expiry dates". So this is another way that secure boot is proven to be nowhere as secure as it claims to be. Coupled with LogoFAIL and most hardware shipping with insecure debug keys.. has Secure Boot ever provided meaningful security? It sure causes all sorts of practical problems.
SecureBoot uses an existing certificate implementation which supported expiration, for a scenario where a having a reliable clock in unfeasible.
SecureBoot would have been better off with certificates that never expire. That's not a problem in cases where users (or organisations) manage their own hosts, since they can just changed the certificate when the previous one is no longer valid or leaked or whatever.
In practice, SecureBoot rolled out with a single CA for everyone, one controlled by Microsoft. This provides little value for anyone—restricting your computer to "only boot stuff signed by a third party" doesn't really protect from attackers in any way. They'll just boot into one of the many programs signed by MS. But because a single CA is used globally, you want expiration so as to roll them over every few years. But remember: there's no way to have a reliable clock. And so, we have the mess that we have.
The grand majority of Linux users could disable SecureBoot tomorrow and their system's security would not change in any meaningful way.
It increases security in certain circumstances. Mostly for Windows users at big corporations.
For example, you want your users' laptop hard drives to be encrypted - but also you have users who regularly forget their passwords? With bitlocker their hard drive can decrypt itself, so they only need to remember their windows login, which you can reset remotely.
You give laptops to your field workers, who have full physical access and would love to play video games or access netflix when work puts them in a hotel over night with nothing to do? With secure boot you can keep your precious spreadsheets locked down, even if they're willing to boot from USB sticks or swap the hard drive.
And perhaps most importantly, it has "secure" in the name. So the corporation's IT security auditors will like to see it turned on even if they have only a vague understanding of what it does.
Maybe you are too young for this but viruses modifying boot partitions was a big thing back then. It is simply impossible to inject some code without finding an exploit in UEFI with Secure Boot or somehow exploiting the kernel. It is still possible to do this kind of hack but it is 2 orders of magnitude harder.
The Linux Mint support forums keep telling people to try turning it off to fix problems, but I installed Mint just fine with it enabled on my 8 (at the time) year old hardware, before I'd even heard that there was such a thing.
Anyway, it's good to hear that I probably don't have anything to worry about.
Unfortunately, hearing this is not surprising since desktop Linux users tolerate having poor security and rely on never ever running malware to keep themselves safe over having the operating system itself protect against malware.
> Unfortunately, hearing this is not surprising since [users of an OS with a built-in file permissions system] tolerate having poor security and rely on [thinking about whom to trust and primarily sourcing their software from the distro package manager] to keep themselves safe over having the operating system itself [apply heuristics to try to decide whether things the user downloaded from random web sites are malware, while completely failing to provide transparency on whether double-clicking something will supply it as data to an existing program or treat it as itself a program].
I'm not understanding how it's the desktop Linux users who have to deal with poor security.
> users of an OS with a built-in file permissions system
Lot of good that will do you when Linux users will curl | bash most any garbage.
The Windows NT file permission system is far more advanced (and I'm not even including AppLocker or software whitelisting).
> thinking about whom to trust and primarily sourcing their software from the distro package manager
So "app store" is the wave of the future?
The days of Linux users using magic healing crystals to protect themselves from malware are long over. Most malware these days targets Linux servers. If you think chmod u+x is what is preventing your computer from catching digital AIDS I have news for you.
> Lot of good that will do you when Linux users will curl | bash most any garbage.
Same for Windows users who zoom through UAC prompts without reading.
> The Windows NT file permission system is far more advanced (and I'm not even including AppLocker or software whitelisting).
...and much more convoluted and easy to break while most systems allow unfettered access to everywhere. On the other hand SELinux and AppArmor already provide transparent system isolation for decades now, and they are completely invisible. If you want even more security, you can install an immutable distro.
> So "app store" is the wave of the future?
App stores are capitalist versions of software repositories which are present for more than 20 years now? Plus, these repositories are generally well-vetted and observed by their maintainers.
> Most malware these days targets Linux servers. If you think chmod u+x is what is preventing your computer from catching digital AIDS I have news for you.
No, instead many sysadmins who know what they're doing are depending on a layered security system, provided by Linux kernel and its peripheries. Containers, CGroups, namespaces, SELinux/AppArmor, package integrity checks, multiple limited users (with reduced capabilities as well), UNIX file permissions, and many more.
If you think Linux only has file permissions for system security, I have news for you.
>I'm not understanding how it's the desktop Linux users who have to deal with poor security.
On Linux Mint if you run a program without granting any extra permissions it can: Record your mic, record your camera, record your screen, steal your browser history/ cookies/passwords, alias sudo or show a fake update dialog to collect the user's password to elevate to root, see if you copied a crypto address and replace it with a similar looking one owned by the attacker, encrypt all of your files, send any sensitive pictures or documents to the attacker, etc.
The existence of a 50 year old concept of file permission is not good enough to combat the modern security problems users can encounter.
Of course unlike windows billion dollar heightened security of getting flooded with UAC and MOTW pops up everybody is conditioned to click yes as fast as possible caused by the proven "download random executables from the first site you see on google and hope it's not malwaretising" method.
Yes, it does, for some values of security. Operated correctly it allows you to know you can trust everything on your system from the UEFI firmware down, because if any part of that chain didn't match what you were expecting to be there the next step in the chain would refuse to execute.
Most people experience this via Windows, which automatically sets up that chain of trust so that you can know you've not had a rootkit injected somewhere. In other cases it may be Linux or something more exotic booting, and it requires some management by whoever is operating the device, but that comes with the benefit of knowing that if one of our devices has got to the point of decrypting it's storage we can be reasonably confident that it hasn't been tampered with, and so we can trust it to send good data.
The rollover coincides with stronger security policies for signed objects (enforcing code being read-only, that kind of thing) and people with stronger security requirements can remove trust in the old certificate to enforce that.
Code has bugs. There's any number of critical vulnerabilities in Linux, Windows, MacOS that have allowed bypass of all security features - does that mean all security features remain security theatre?
The cost in terms of freedom/flexibility and reliability/longevity is very high. But we're told, this is necessary, it's the only way to guarantee the security of the poor user. But if in practice the security wasn't actually guaranteed, for most motherboards over most years, due to pretty big dumb oversights ... was it worth the extreme costs? The cost of losing compatibility with older or newer software/hardware, of losing convenient repairs and recovery? Nope.
You sold your soul for "guaranteed security" of securing the entire boot and runtime from the lowest level hardware up ... and didn't really get it anyway.
They clearly didn't want to leave a system unbootable because a certificate expired. In which case you would have no opportunity to update the certificate because you can't boot the system anymore.
They could've used a time stamping service to include a signed timestamp in the binary to compare the expiry date against, but that still leaves the system unbootable after the time stamping certificate expires in the far future.
Besides, a hacking group powerful enough to steal Microsoft's Secure Boot private key will likely be able to steal a timestamping private key from a certificate authority as well.
With the default key hierarchies, the benefit is more limited. It raises the bar. Implementing known vulnerabilities takes work. And not ever configuration is vulnerable to every issue. And, for a lot of the vulns, the OS vendor shoves things in the dbx to mitigate.
With custom hierarchies, it's a bit more compelling. But it's a lot of work to maintain.
> [...] systems that only trust the new certificate and not the old one would refuse to boot older Linux, wouldn't support old graphics cards, and also wouldn't boot old versions of Windows. Nobody wants that [...]
EVERYBODY wants that! And I mean ABSOLUTELY EVERYBODY! Updates are now mandatory everywhere, in both Windows and Linux, and GPU manufactureres would LOVE to make the old cards obsolete, even if technically the new cards aren't much better.
So expect to see the old certificate invalidated quickly and automatically, in the name of security, of course!
Even if this did happen, there's a trivial workaround available: Just go into your BIOS and switch 'Secure Boot' off.
Secure Boot is a fine thing if you're a huge corporation and want to harden laptops against untrustworthy employees, or you've got such a huge fleet of servers they go missing despite your physical security controls, or you're making a TiVo style product you want to harden against the device owners. But when the user is the device owner? Doesn't do much.
You won't be able to switch it off for long. See how many phones still have that option! [1]
In the end what matters is always money. Always.
What brings more money? TiVo or buyer-owned device? You think 5% of technically competent potential buyers would make a difference when the 95% illiterate users will just replace the product no questions asked?
It started as a fight against piracy and half-competent users that break their own systems (and the company's systems too, like you said). But slowly the industry sees that there's more money to be made if the same technology can provide a belivable argument in right to repair and planned obsolescence court cases.
Get back to me when it actually happens, because I've been hearing that line for about 15 years now and it has not happened.
The reality is that PC's address the needs of a fundamentally different market than "TiVo"s or even mobile phones. While most could, and probably should, be using secure boot noone seems to be eager to take away the option to disable it.
You're living under a rock. It's been happening slowing but surely. As device form factor preferences change the new types conveniently don't make it easy to replace to OS. A significant chunk of them lock you out entirely.
Microsoft perennially makes small movements in that direction. Reduced control over the OS and attempts to exert control over the software ecosystem. I assume they're still trying to push consumers towards Windows S mode devices.
Kernel mode anticheat that won't run on systems that aren't attested. Streaming platforms that won't serve up decent quality streams. Even if you don't notice the pot being boiled there are those of us that do.
I never claimed otherwise? "Lock you out entirely" was in reference to a subset of Android, all of Apple, likely many wearables, most IoT devices, and probably others. I tried to outline the broad trend of curtailing user control (not limited to the bootloader) for those who feel like things have been stationary in the long term.
> Even if you don't notice the pot being boiled there are those of us that do.
Tangent: To me that sounds like a reference to the "frog boiling" story. This has been debunked [1], a healthy frog will not remain in a gradually heated pot of water. We need a better analogy for this.
I'm aware, but it's the understood turn of phrase at present. Similar to "tree shaking" which people started pushing back against at some point and I've no idea why because if it conveys the point then who cares whether or not farmers do it?
There was a period where Microsoft was attempting to treat Windows on ARM devices in the same way as Apple treats iPads. That's not how things are now, and the walkback on that doesn't support the argument that the goal is to lock competitors out of the industry.
No, UEFI Secure Boot is UEFI Secure Boot. The fact that Microsoft exercised this ability twelve entire years ago on a platform where they thought they could get away with it makes it worse, not better.
The fact that said device no longer exists, and has virtually no modern successors, and certainly none that matter commercially, tells a different story.
Plus, tablets are not PCs. People are happy with tablets and phones as locked devices. They are not happy with PCs as locked devices, and have not accepted such control, maybe outside the MacOS ecosystem.
This should be illegal, and anyone caught doing it fined twice the total cost of amortized ownership per each device owner over the total duration of ownership in addition to completely refunding every customer.
Throw in jail time for decision makers. Lets make markets honest with real incentives.
Yes, it's equivalent to running a computer with admin access, and most banking web sites have no issue with that.
Still, my point was not about running a rooted phone with unlocked bootloader (secure boot disabled on a pc equivalent), but whether if this is possible accounts in your purchasing decision.
Before we had secure phones, we used to get hardware gadgets from banks in order to secure access. Now that phones are secure enough, the phones act as the root of trust (and, unfortunately, SMS does as well...).
Yes, and phones are full of vulnerabilities because vendors provide security updates only for 2-5 years (high end being rare), thus making this a moot point.
And/or abolish the DMCA "anti-circumvention" laws, which makes it a crime to pick (digital) locks that you own, or discuss how one might do so.
It's still a problem if manufacturers force ExploitationOS on the device I bought, but it's not-as-bad when everyone can collaborate to disable the exploitation-parts.
This isn't just about hardening devices against the owner, some devices by the nature of what they're doing have to go in places where their physical security can't be guaranteed, secure boot means that we can put those devices there and not worry about some kid with a USB stick coming by and either wholesale replacing the operating system with something else or injecting a botnet client into the running system.
For values of many being less than one in a million. Yes, the few that do are somewhat popular competitive ones, but they are very very rare in the sea of games that exist.
I'm surprised more huge corporations don't move towards a "Chromebook only" by default. Now you don't have to manage anything. We're all doing our work in browsers anyway.
There are quite a few who have. Ive worked in a google workspace enabled company on a chromeos device for like that last 6? Years. It works 95% of the things, but that last 5% can be frustrating: especially when it involves interoperability with a customers system. Now multiply that by 40000 employees.. that's a lot of help desk tickets.
What are you talking about? Because the software you'll be expected to use for your job can run on a Chromebook you're considered a replaceable cog? All that means is that to do the job you're being employed for the company thinks you can do it with a web browser and whatever software will run on a Chromebook, its no different to being issued a centrally managed Windows device.
Chromebooks can be had dirt cheap and for the most part are not customizable in any way. Laptops not so much. Most of the world is not SV or google. They don't put thought into the hardware you use other than is it the cheapest we can get for this persons position.
On the other had I've seen execs/directors that barely turn on their PC get $10k monster laptops because they are considered important. While staff get recycled garbage equipment or a $1000 max per person equipment budget.
It's becoming increasingly popular, albeit slowly. The main barriers are 1) it has to be a corporation that uses Google Workspace rather than MS Office, and 2) there can't be any legacy .exe's that are still required, or else you need to figure out how to support those over some kind of remote desktop to a virtual Windows installation.
I think at some point there will gradually be a line that divides consumer type devices and Workstation with a capital W type devices. If nothing else it'll encourage the PC market to really decide for each use-case how much they value having a huge range of laptop or pre-built configurations or being able to assemble from parts. There's a lot of momentum in the PC mindset, but I also think a lot of people would be satisfied with less 'personal' so long as they were able to identify what they need and match it to capabilities of a model. 20 years ago the idea of a phone/table as the personal computer for most people and not a PC/laptop would be silly, yet here we are
Is there not one already? Having a laptop or desktop puts you firmly in workstation category; the consumer type devices are smartphones (and they make up about 90% of all devices so we should probably stop treating mobile web pages as an afterthought).
I don't understand what "UEFI starts the boot process" means? The firmware is what initialises the hardware. If the code needed to initialise your GPU doesn't have a trusted signature then it won't be executed, and you won't have any working graphics, so you won't have a UI to let you disable secure boot. If secure boot isn't enabled in the first place then yes this isn't a problem.
> But when the user is the device owner? Doesn't do much.
A decent Secure Boot implementation together with a BIOS/EFI password at least makes the life of US CBP or similar thugs wanting to use my devices against me much more difficult.
And no, that's not an imaginary threat, certainly not under this administration which has come under fire multiple times for first detaining and then deporting random tourists.
worked perfectly on a fully updated Windows 11 24H2 installed on an old Surface Pro LTE i5-7300U that is perhaps unlikely to receive another firmware update...
There is also the option of enrolling your own certs and resigning the bootloader and any Option ROMs you need, if you're really worried / expect to actually be broken by this.
The moment I lose access to my computer or data due to this nonsense is the day I have a Stallman moment and refuse to play. I'll use a Chinese risc-v machine with 5 year old performance or whatever. This stuff has lived in the far background of my mind for years with thoughts like "fedora somehow handles this so I don't need to worry." But if it hits I'm done. Won't support such hardware ever.
> So, uh, what's the story here? Why is there any engineering effort going on at all? [...] Microsoft will shortly start signing things with a new certificate that chains to a new root, and most systems don't trust that new root. [...] If something is signed purely with the new certificate then it won't boot on something that only trusts the old certificate (which shouldn't be a realistic scenario due to the above), but if something is signed purely with the old certificate then it won't boot on something that only trusts the new certificate.
So, dumb question: If the expiry dates are not enforced, why rotate the certificates at all? The only consequences of Microsoft introducing new keys seems to be that compatibility with old software and systems will over time become worse. But what's the upside - or the actual threat model this is defending against?
That's what I suspect as well. But would this have any actual security benefit or is it just a way to force people to abandon their old hardware like speculated in https://news.ycombinator.com/item?id=44748323 ?
Can someone knowledgeable on the subject explain if I understand the following right:
- on a mobo the motherboard provider signs the PK
- there's only one PK
- the PK signs one or more KEK, like "Microsoft Corporation UEFI CA 2011"
If that understanding is correct, can I add myself the new "Microsoft Corporation UEFI CA 2023" (the one that expires in 2038: I think that its name) the same way I can enroll new keys in the dbx? (say my own signed keys?)
If I add the new Microsoft key myself, shall it be as a KEK or in the dbx?
Will motherboard manufacturer release new firmware, with the new Microsoft key already signed? In that case, shall be a KEK ?
Basically instead of thinking, as TFA suggests: "Let's not worry about anything, everything shall be fine and keep working because keys expiration date aren't enforced", can I pro-actively enroll the new Microsoft key myself?
P.S: I don't drink the SecureBoot kool-aid but something has to be said about having a Linux unikernel (kernel+initramfs) signed and enforced by SecureBoot. And SecureBoot does at least somehow work. Source: I modified on bit of my kernel and had a SecureBoot error and the kernel refused to boot. You can try it for yourself.
Vouched for the parent because it's a reasonable question.
As well as the new root certificates in db, which are used to decide whether signed code will execute or not, there will be a new signed Microsoft key for KEK. This isn't involved in the boot process, but is required for Microsoft to be able to sign further revocation updates. The article is discussing the db case, and if you want to ensure things signed only with the new key will boot on your system, you would want to add them to db.
Microsoft can sign a db update themselves (since there's a valid Microsoft key in KEK and db updates need to be signed with a key in KEK), but KEK updates need to be signed with PK. Microsoft doesn't own PK, so adding the new KEK requires the system vendor produce an update signed with their PK.
If you are in a position to enroll the new keys then you should enroll the new db keys if you want new binaries to be guaranteed to boot, and add the new KEK if you want to be able to apply future Microsoft-signed dbx updates.
Yes, you can proactively enroll the new Microsoft UEFI CA 2023 certificate in the KEK database using `mokutil --import` on Linux or the UEFI firmware interface directly, though most distros will handle this automatically in upcoming updates.
Not like that, you can't. Firstly, that's not a KEK cert - the KEK cert is "Microsoft Corporation KEK CA 2023". And secondly, mokutil manages the MOK database, not the firmware database. MOK keys control what shim will trust, but it's the firmware keys that control whether or not shim will boot in the first place.
Users should absolutely be able to install the db update by hand if they choose to, but it's late and I don't have the commands to hand. I'll write another post on this soon.
This article notes that "nobody actually enforces these expiry dates". So this is another way that secure boot is proven to be nowhere as secure as it claims to be. Coupled with LogoFAIL and most hardware shipping with insecure debug keys.. has Secure Boot ever provided meaningful security? It sure causes all sorts of practical problems.
https://arstechnica.com/security/2023/12/just-about-every-wi...
https://arstechnica.com/security/2024/07/secure-boot-is-comp...
SecureBoot uses an existing certificate implementation which supported expiration, for a scenario where a having a reliable clock in unfeasible.
SecureBoot would have been better off with certificates that never expire. That's not a problem in cases where users (or organisations) manage their own hosts, since they can just changed the certificate when the previous one is no longer valid or leaked or whatever.
In practice, SecureBoot rolled out with a single CA for everyone, one controlled by Microsoft. This provides little value for anyone—restricting your computer to "only boot stuff signed by a third party" doesn't really protect from attackers in any way. They'll just boot into one of the many programs signed by MS. But because a single CA is used globally, you want expiration so as to roll them over every few years. But remember: there's no way to have a reliable clock. And so, we have the mess that we have.
The grand majority of Linux users could disable SecureBoot tomorrow and their system's security would not change in any meaningful way.
Was Secure Boot supposed to increase security? I thought Microsoft was using it to make it near impossible to install Linux
It increases security in certain circumstances. Mostly for Windows users at big corporations.
For example, you want your users' laptop hard drives to be encrypted - but also you have users who regularly forget their passwords? With bitlocker their hard drive can decrypt itself, so they only need to remember their windows login, which you can reset remotely.
You give laptops to your field workers, who have full physical access and would love to play video games or access netflix when work puts them in a hotel over night with nothing to do? With secure boot you can keep your precious spreadsheets locked down, even if they're willing to boot from USB sticks or swap the hard drive.
And perhaps most importantly, it has "secure" in the name. So the corporation's IT security auditors will like to see it turned on even if they have only a vague understanding of what it does.
Maybe you are too young for this but viruses modifying boot partitions was a big thing back then. It is simply impossible to inject some code without finding an exploit in UEFI with Secure Boot or somehow exploiting the kernel. It is still possible to do this kind of hack but it is 2 orders of magnitude harder.
No, boot sector viruses were not a big thing, especially after DOS times. They existed, but they weren't the worst problem at any time.
Linux distributions have been shipping with secure boot support since 2012, so if that was the goal it had already failed over a decade ago.
The Linux Mint support forums keep telling people to try turning it off to fix problems, but I installed Mint just fine with it enabled on my 8 (at the time) year old hardware, before I'd even heard that there was such a thing.
Anyway, it's good to hear that I probably don't have anything to worry about.
Unfortunately, hearing this is not surprising since desktop Linux users tolerate having poor security and rely on never ever running malware to keep themselves safe over having the operating system itself protect against malware.
> Unfortunately, hearing this is not surprising since [users of an OS with a built-in file permissions system] tolerate having poor security and rely on [thinking about whom to trust and primarily sourcing their software from the distro package manager] to keep themselves safe over having the operating system itself [apply heuristics to try to decide whether things the user downloaded from random web sites are malware, while completely failing to provide transparency on whether double-clicking something will supply it as data to an existing program or treat it as itself a program].
I'm not understanding how it's the desktop Linux users who have to deal with poor security.
> users of an OS with a built-in file permissions system
Lot of good that will do you when Linux users will curl | bash most any garbage.
The Windows NT file permission system is far more advanced (and I'm not even including AppLocker or software whitelisting).
> thinking about whom to trust and primarily sourcing their software from the distro package manager
So "app store" is the wave of the future?
The days of Linux users using magic healing crystals to protect themselves from malware are long over. Most malware these days targets Linux servers. If you think chmod u+x is what is preventing your computer from catching digital AIDS I have news for you.
> Lot of good that will do you when Linux users will curl | bash most any garbage.
Same for Windows users who zoom through UAC prompts without reading.
> The Windows NT file permission system is far more advanced (and I'm not even including AppLocker or software whitelisting).
...and much more convoluted and easy to break while most systems allow unfettered access to everywhere. On the other hand SELinux and AppArmor already provide transparent system isolation for decades now, and they are completely invisible. If you want even more security, you can install an immutable distro.
> So "app store" is the wave of the future?
App stores are capitalist versions of software repositories which are present for more than 20 years now? Plus, these repositories are generally well-vetted and observed by their maintainers.
> Most malware these days targets Linux servers. If you think chmod u+x is what is preventing your computer from catching digital AIDS I have news for you.
No, instead many sysadmins who know what they're doing are depending on a layered security system, provided by Linux kernel and its peripheries. Containers, CGroups, namespaces, SELinux/AppArmor, package integrity checks, multiple limited users (with reduced capabilities as well), UNIX file permissions, and many more.
If you think Linux only has file permissions for system security, I have news for you.
Because you're starting from a poor understanding of the security process in general. File permissions are the least of your worries.
>I'm not understanding how it's the desktop Linux users who have to deal with poor security.
On Linux Mint if you run a program without granting any extra permissions it can: Record your mic, record your camera, record your screen, steal your browser history/ cookies/passwords, alias sudo or show a fake update dialog to collect the user's password to elevate to root, see if you copied a crypto address and replace it with a similar looking one owned by the attacker, encrypt all of your files, send any sensitive pictures or documents to the attacker, etc.
The existence of a 50 year old concept of file permission is not good enough to combat the modern security problems users can encounter.
Of course unlike windows billion dollar heightened security of getting flooded with UAC and MOTW pops up everybody is conditioned to click yes as fast as possible caused by the proven "download random executables from the first site you see on google and hope it's not malwaretising" method.
The desktop security model is pretty much the same across the vendors. Somehow, Microsoft seems to get a free pass on this.
Yes, it does, for some values of security. Operated correctly it allows you to know you can trust everything on your system from the UEFI firmware down, because if any part of that chain didn't match what you were expecting to be there the next step in the chain would refuse to execute.
Most people experience this via Windows, which automatically sets up that chain of trust so that you can know you've not had a rootkit injected somewhere. In other cases it may be Linux or something more exotic booting, and it requires some management by whoever is operating the device, but that comes with the benefit of knowing that if one of our devices has got to the point of decrypting it's storage we can be reasonably confident that it hasn't been tampered with, and so we can trust it to send good data.
SecureBoot and UEFI were "bundled" with Windows 8.0 PC's to curtail the possibility of users easily installing Windows 7 instead.
Earlier versions of Windows were a much bigger threat to adoption of Windows 8 than Linux was.
Is secure boot even enabled by default?
I have never used it on my gaming PC and Windows doesn't seem to care.
Its a requirement on any device sold with Windows 11.
The rollover coincides with stronger security policies for signed objects (enforcing code being read-only, that kind of thing) and people with stronger security requirements can remove trust in the old certificate to enforce that.
Code has bugs. There's any number of critical vulnerabilities in Linux, Windows, MacOS that have allowed bypass of all security features - does that mean all security features remain security theatre?
Most security features are, yeah.
The cost in terms of freedom/flexibility and reliability/longevity is very high. But we're told, this is necessary, it's the only way to guarantee the security of the poor user. But if in practice the security wasn't actually guaranteed, for most motherboards over most years, due to pretty big dumb oversights ... was it worth the extreme costs? The cost of losing compatibility with older or newer software/hardware, of losing convenient repairs and recovery? Nope.
You sold your soul for "guaranteed security" of securing the entire boot and runtime from the lowest level hardware up ... and didn't really get it anyway.
You make it sound like security is a binary thing, which is not true.
They clearly didn't want to leave a system unbootable because a certificate expired. In which case you would have no opportunity to update the certificate because you can't boot the system anymore.
They could've used a time stamping service to include a signed timestamp in the binary to compare the expiry date against, but that still leaves the system unbootable after the time stamping certificate expires in the far future.
Besides, a hacking group powerful enough to steal Microsoft's Secure Boot private key will likely be able to steal a timestamping private key from a certificate authority as well.
With the default key hierarchies, the benefit is more limited. It raises the bar. Implementing known vulnerabilities takes work. And not ever configuration is vulnerable to every issue. And, for a lot of the vulns, the OS vendor shoves things in the dbx to mitigate.
With custom hierarchies, it's a bit more compelling. But it's a lot of work to maintain.
> [...] systems that only trust the new certificate and not the old one would refuse to boot older Linux, wouldn't support old graphics cards, and also wouldn't boot old versions of Windows. Nobody wants that [...]
EVERYBODY wants that! And I mean ABSOLUTELY EVERYBODY! Updates are now mandatory everywhere, in both Windows and Linux, and GPU manufactureres would LOVE to make the old cards obsolete, even if technically the new cards aren't much better.
So expect to see the old certificate invalidated quickly and automatically, in the name of security, of course!
Even if this did happen, there's a trivial workaround available: Just go into your BIOS and switch 'Secure Boot' off.
Secure Boot is a fine thing if you're a huge corporation and want to harden laptops against untrustworthy employees, or you've got such a huge fleet of servers they go missing despite your physical security controls, or you're making a TiVo style product you want to harden against the device owners. But when the user is the device owner? Doesn't do much.
You won't be able to switch it off for long. See how many phones still have that option! [1]
In the end what matters is always money. Always.
What brings more money? TiVo or buyer-owned device? You think 5% of technically competent potential buyers would make a difference when the 95% illiterate users will just replace the product no questions asked?
It started as a fight against piracy and half-competent users that break their own systems (and the company's systems too, like you said). But slowly the industry sees that there's more money to be made if the same technology can provide a belivable argument in right to repair and planned obsolescence court cases.
[1] https://github.com/melontini/bootloader-unlock-wall-of-shame
Get back to me when it actually happens, because I've been hearing that line for about 15 years now and it has not happened.
The reality is that PC's address the needs of a fundamentally different market than "TiVo"s or even mobile phones. While most could, and probably should, be using secure boot noone seems to be eager to take away the option to disable it.
You're living under a rock. It's been happening slowing but surely. As device form factor preferences change the new types conveniently don't make it easy to replace to OS. A significant chunk of them lock you out entirely.
Microsoft perennially makes small movements in that direction. Reduced control over the OS and attempts to exert control over the software ecosystem. I assume they're still trying to push consumers towards Windows S mode devices.
Kernel mode anticheat that won't run on systems that aren't attested. Streaming platforms that won't serve up decent quality streams. Even if you don't notice the pot being boiled there are those of us that do.
Actually no - modern Windows on ARM devices have the same level of secure boot control as x86 ones.
I never claimed otherwise? "Lock you out entirely" was in reference to a subset of Android, all of Apple, likely many wearables, most IoT devices, and probably others. I tried to outline the broad trend of curtailing user control (not limited to the bootloader) for those who feel like things have been stationary in the long term.
> Even if you don't notice the pot being boiled there are those of us that do.
Tangent: To me that sounds like a reference to the "frog boiling" story. This has been debunked [1], a healthy frog will not remain in a gradually heated pot of water. We need a better analogy for this.
[1] https://en.wikipedia.org/wiki/Boiling_frog
I'm aware, but it's the understood turn of phrase at present. Similar to "tree shaking" which people started pushing back against at some point and I've no idea why because if it conveys the point then who cares whether or not farmers do it?
> Get back to me when it actually happens
Hello from 2013, and here you go!
https://wiki.ubuntu.com/ARM/SurfaceRT#Secure_Boot
https://openrt.gitbook.io/open-surfacert/common/boot-sequenc...
There was a period where Microsoft was attempting to treat Windows on ARM devices in the same way as Apple treats iPads. That's not how things are now, and the walkback on that doesn't support the argument that the goal is to lock competitors out of the industry.
This is only true if you count ARM tablets as "PCs", which most people don't.
No, UEFI Secure Boot is UEFI Secure Boot. The fact that Microsoft exercised this ability twelve entire years ago on a platform where they thought they could get away with it makes it worse, not better.
The fact that said device no longer exists, and has virtually no modern successors, and certainly none that matter commercially, tells a different story.
Plus, tablets are not PCs. People are happy with tablets and phones as locked devices. They are not happy with PCs as locked devices, and have not accepted such control, maybe outside the MacOS ecosystem.
Why does the type of a general-purpose computing device matters?
> you're making a TiVo style product you want to harden against the device owners.
This sentence just makes me so sad
This should be illegal, and anyone caught doing it fined twice the total cost of amortized ownership per each device owner over the total duration of ownership in addition to completely refunding every customer.
Throw in jail time for decision makers. Lets make markets honest with real incentives.
For a start, stop buying those products: vote with your wallet.
Do you own a phone that's easily rooted? Who else does?
What about your WiFi routers? Internet modem? AirTags? Smart home appliances?
In the early 2010s the majority of Androids were easily rootable and the ROM-modding community flourished as a result.
Rooting a phone fails certain security checks that prevent a lot of banking apps from working on your device.
Yes, it's equivalent to running a computer with admin access, and most banking web sites have no issue with that.
Still, my point was not about running a rooted phone with unlocked bootloader (secure boot disabled on a pc equivalent), but whether if this is possible accounts in your purchasing decision.
Before we had secure phones, we used to get hardware gadgets from banks in order to secure access. Now that phones are secure enough, the phones act as the root of trust (and, unfortunately, SMS does as well...).
Yes, and phones are full of vulnerabilities because vendors provide security updates only for 2-5 years (high end being rare), thus making this a moot point.
The security measures do not need to be perfect. As long as fraud remains at a reasonable level it should be fine.
Agreed.
Full disk encryption on a device you have full control of is sufficient.
Containerization helps if you install untrusted apps.
Not having root helps if you install untrusted apps (either vulnerabilities/exploitable or malicious) as root.
Containers are not security.
Don't trust containers to have the same level of isolation as a VM.
How about switching your bank if it forces you to give away your freedom for no security benefits?
And/or abolish the DMCA "anti-circumvention" laws, which makes it a crime to pick (digital) locks that you own, or discuss how one might do so.
It's still a problem if manufacturers force ExploitationOS on the device I bought, but it's not-as-bad when everyone can collaborate to disable the exploitation-parts.
https://www.eff.org/issues/dmca
Sometimes, people even break the law.
Why? There is a perfectly cromulent license, sitting right there https://www.gnu.org/licenses/gpl-3.0.en.html
It was even explicitly designed to prevent "tivoization." https://www.gnu.org/philosophy/tivoization.en.html
One just has to use it to prevent their software from being locked away from the end user
This isn't just about hardening devices against the owner, some devices by the nature of what they're doing have to go in places where their physical security can't be guaranteed, secure boot means that we can put those devices there and not worry about some kid with a USB stick coming by and either wholesale replacing the operating system with something else or injecting a botnet client into the running system.
You can't play many videogames if you do this, as anticheat won't let the game run unless secure boot is turned on
For values of many being less than one in a million. Yes, the few that do are somewhat popular competitive ones, but they are very very rare in the sea of games that exist.
I'm surprised more huge corporations don't move towards a "Chromebook only" by default. Now you don't have to manage anything. We're all doing our work in browsers anyway.
There are quite a few who have. Ive worked in a google workspace enabled company on a chromeos device for like that last 6? Years. It works 95% of the things, but that last 5% can be frustrating: especially when it involves interoperability with a customers system. Now multiply that by 40000 employees.. that's a lot of help desk tickets.
If you are issued a chromebook to me it signal that they consider you a replaceable cog.
Its one of my interview questions these days. What device will I be issued?
If its a chromebook I know that no matter what they say they don't really care about the postion.
What are you talking about? Because the software you'll be expected to use for your job can run on a Chromebook you're considered a replaceable cog? All that means is that to do the job you're being employed for the company thinks you can do it with a web browser and whatever software will run on a Chromebook, its no different to being issued a centrally managed Windows device.
Chromebooks can be had dirt cheap and for the most part are not customizable in any way. Laptops not so much. Most of the world is not SV or google. They don't put thought into the hardware you use other than is it the cheapest we can get for this persons position.
On the other had I've seen execs/directors that barely turn on their PC get $10k monster laptops because they are considered important. While staff get recycled garbage equipment or a $1000 max per person equipment budget.
It's becoming increasingly popular, albeit slowly. The main barriers are 1) it has to be a corporation that uses Google Workspace rather than MS Office, and 2) there can't be any legacy .exe's that are still required, or else you need to figure out how to support those over some kind of remote desktop to a virtual Windows installation.
Why on earth do you think Chromebooks wouldn't need to be managed?
I think at some point there will gradually be a line that divides consumer type devices and Workstation with a capital W type devices. If nothing else it'll encourage the PC market to really decide for each use-case how much they value having a huge range of laptop or pre-built configurations or being able to assemble from parts. There's a lot of momentum in the PC mindset, but I also think a lot of people would be satisfied with less 'personal' so long as they were able to identify what they need and match it to capabilities of a model. 20 years ago the idea of a phone/table as the personal computer for most people and not a PC/laptop would be silly, yet here we are
Is there not one already? Having a laptop or desktop puts you firmly in workstation category; the consumer type devices are smartphones (and they make up about 90% of all devices so we should probably stop treating mobile web pages as an afterthought).
Even if you can, there might be dark patterns to discourage you, such as showing a "boot screen of shame" if its turned off.
Go in the BIOS and switch it off?
Certainly. Just one problem: Modern consumer BIOS interfaces are graphical and your GPU is off.
That's not how it works; Secure Boot kicks in once EFI hands over control.
The driver that initialises your plug-in GPU is shipped in flash on the card, is signed by Microsoft, and won't run unless that signature validates.
Doesn't that happen only after UEFI starts the boot process, and only if Secure Boot is enabled?
I don't understand what "UEFI starts the boot process" means? The firmware is what initialises the hardware. If the code needed to initialise your GPU doesn't have a trusted signature then it won't be executed, and you won't have any working graphics, so you won't have a UI to let you disable secure boot. If secure boot isn't enabled in the first place then yes this isn't a problem.
The GPU is initialized earlier, so that the screen turns on. The GPU driver can access main memory through the bus.
If you let arbitrary code run before you start checking, you don't have a secure boot chain.
> But when the user is the device owner? Doesn't do much.
A decent Secure Boot implementation together with a BIOS/EFI password at least makes the life of US CBP or similar thugs wanting to use my devices against me much more difficult.
And no, that's not an imaginary threat, certainly not under this administration which has come under fire multiple times for first detaining and then deporting random tourists.
Bitlocker
> EVERYBODY wants that! And I mean ABSOLUTELY EVERYBODY
Please don't use uppercase for emphasis. If you want to emphasize a word or phrase, put asterisks* around it and it will get italicized.*
https://news.ycombinator.com/newsguidelines.html
I know about italics, but this is intentional; I'm expressing outrage.
Yes, and we need you to not express outrage on HN. It's not what HN is for and it destroys what it's for.
I certainly do not want old graphics cards to become ewaste for no good reason.
Recent and related:
Linux and Secure Boot certificate expiration - https://news.ycombinator.com/item?id=44601045 - July 2025 (265 comments)
the steps to import the new keys from microsoft are here:
https://techcommunity.microsoft.com/blog/windows-itpro-blog/...
worked perfectly on a fully updated Windows 11 24H2 installed on an old Surface Pro LTE i5-7300U that is perhaps unlikely to receive another firmware update...
There is also the option of enrolling your own certs and resigning the bootloader and any Option ROMs you need, if you're really worried / expect to actually be broken by this.
Re-signing option ROMs is not trivial (or, well, it's easy to do the signing, it's not necessarily easy to flash that driver back into the card)
I see. I've never had to deal with any Option ROMs myself. In that case the easier option is to add their hash to db?
That's the easiest, but it's a pain if you want to switch cards
I have a HP BIOS that doesn't go into setup mode (required to enroll certs) so I have no choice but to deal with the MS shim.
The moment I lose access to my computer or data due to this nonsense is the day I have a Stallman moment and refuse to play. I'll use a Chinese risc-v machine with 5 year old performance or whatever. This stuff has lived in the far background of my mind for years with thoughts like "fedora somehow handles this so I don't need to worry." But if it hits I'm done. Won't support such hardware ever.
> So, uh, what's the story here? Why is there any engineering effort going on at all? [...] Microsoft will shortly start signing things with a new certificate that chains to a new root, and most systems don't trust that new root. [...] If something is signed purely with the new certificate then it won't boot on something that only trusts the old certificate (which shouldn't be a realistic scenario due to the above), but if something is signed purely with the old certificate then it won't boot on something that only trusts the new certificate.
So, dumb question: If the expiry dates are not enforced, why rotate the certificates at all? The only consequences of Microsoft introducing new keys seems to be that compatibility with old software and systems will over time become worse. But what's the upside - or the actual threat model this is defending against?
I suspect new hardware will need to have only the new certificate if they want some sort of compatibility certification.
That's what I suspect as well. But would this have any actual security benefit or is it just a way to force people to abandon their old hardware like speculated in https://news.ycombinator.com/item?id=44748323 ?
yeah, that sounds about right for UEFI
Can someone knowledgeable on the subject explain if I understand the following right:
If that understanding is correct, can I add myself the new "Microsoft Corporation UEFI CA 2023" (the one that expires in 2038: I think that its name) the same way I can enroll new keys in the dbx? (say my own signed keys?)If I add the new Microsoft key myself, shall it be as a KEK or in the dbx?
Will motherboard manufacturer release new firmware, with the new Microsoft key already signed? In that case, shall be a KEK ?
Basically instead of thinking, as TFA suggests: "Let's not worry about anything, everything shall be fine and keep working because keys expiration date aren't enforced", can I pro-actively enroll the new Microsoft key myself?
P.S: I don't drink the SecureBoot kool-aid but something has to be said about having a Linux unikernel (kernel+initramfs) signed and enforced by SecureBoot. And SecureBoot does at least somehow work. Source: I modified on bit of my kernel and had a SecureBoot error and the kernel refused to boot. You can try it for yourself.
Vouched for the parent because it's a reasonable question.
As well as the new root certificates in db, which are used to decide whether signed code will execute or not, there will be a new signed Microsoft key for KEK. This isn't involved in the boot process, but is required for Microsoft to be able to sign further revocation updates. The article is discussing the db case, and if you want to ensure things signed only with the new key will boot on your system, you would want to add them to db.
Microsoft can sign a db update themselves (since there's a valid Microsoft key in KEK and db updates need to be signed with a key in KEK), but KEK updates need to be signed with PK. Microsoft doesn't own PK, so adding the new KEK requires the system vendor produce an update signed with their PK.
If you are in a position to enroll the new keys then you should enroll the new db keys if you want new binaries to be guaranteed to boot, and add the new KEK if you want to be able to apply future Microsoft-signed dbx updates.
Yes, you can proactively enroll the new Microsoft UEFI CA 2023 certificate in the KEK database using `mokutil --import` on Linux or the UEFI firmware interface directly, though most distros will handle this automatically in upcoming updates.
Not like that, you can't. Firstly, that's not a KEK cert - the KEK cert is "Microsoft Corporation KEK CA 2023". And secondly, mokutil manages the MOK database, not the firmware database. MOK keys control what shim will trust, but it's the firmware keys that control whether or not shim will boot in the first place.
Users should absolutely be able to install the db update by hand if they choose to, but it's late and I don't have the commands to hand. I'll write another post on this soon.
[dead]