Hacker News new | comments | show | ask | jobs | submit login
SecureBoot in Ubuntu 12.10 (dodds.net)
45 points by riledhel 1846 days ago | hide | past | web | 20 comments | favorite

I've seen a lot written about the how of SecureBoot but is there a good summary of the why's. I'm still deeply skeptical that this is part of Microsoft's plan to eventually transform the PC architecture into something console-like.

They've already de-facto achieved that by not mandating that custom OS's can be booted on Windows 8 supporting ARM devices, and between them and pressure from content owners wanting complicit OS's that don't run applications that do things they don't like I can only see that sort of thing progressing in the future.

Ostensibly secure boot exists to foil bootkits (bootloader rootkits) which (in theory) cannot be detected or removed by any antivirus tools. Secure boot also prevents bootloader-based activation hacks (e.g. "Windows Loader") that make it easy to pirate Windows (these hacks can be seen as a special case of "benign" bootkits).

Lack of secure boot also makes it impossible for remote third parties (e.g. netflix, content providers, or enterprise IT departments) to trust client software.

Even windows secure boot doesn't provide protection against a targeted attack, but conceivably a combination of EFI secure boot and a bug-free well implemented OS (heh) could provide enough protection for DRM on video content, basic enterprise computing (with non-hostile users), etc.

I still think none of this crap really belongs on the client; it is however an awesome fit on the server, which is an area people haven't really explored enough.

> I still think none of this crap really belongs on the client; it is however an awesome fit on the server, which is an area people haven't really explored enough.

Agreed. I remember reading an IBM research paper about combining TPM and virtualization on the server, and getting excited about the possibilities. I wonder what happened to that project.

EDIT: found it! http://domino.watson.ibm.com/library/cyberdig.nsf/papers/442...

VMware has some TPM features built in (although basically limited to remote-attest that it's a legitimate VMware ESX server).

Intel also had some demo stuff, but the problem is Intel's security software group was kind of a revolving door spinning at a 3-6 month rotational speed.

The DRM for video content just doesn't make sense to me - who is it really for? Will it stop most people? Yes. Will it stop the 0.01% qualified individuals who then share it with everyone else? No!

They will essentially never be able to stop the release groups from releasing stuff, but they can presumably prevent casual ripping by end users, then use the heavy hammer of RICO to go after the groups (DrinkOrDie...).

They need to make the value spread between pirate and legit as wide as possible, but rather than making better DRM (to make pirated sw less useful, but also make legit software less useful), IMO they should just focus on making legit software fundamentally more useful when legitimately licensed. I know Steam essentially got me to stop pirating games by integrating their social features, easy library management, etc. Mac App Store sort of does that for most Mac software, too. But there's also the issue of price point -- even if I bought every game I wanted, that's probably <$1000/yr. It's easy to consume >$1000/yr in movies/tv, music, and "internet content", and even easier to pirate, with less value on top of the raw content.

How prevalent are bootkit (MBR) malicious exploits though? Surely the right place for this is for windows to prevent boot modification without authentication though UAC or something similar?

It already exists. http://www.stoned-vienna.com/ I also read that it was trivial to make a "boot kit" for Windows 8 without secure boot. I actually think it a very big deal and hope many Linux distro's develop something similar.

Secure boot is a form of defense in depth that is really only needed if the kernel is compromised. So yes, the attacks that it prevents are hypothetical and may never exist. And yes, it may be too high a price to pay for the unknown level of protection that it provides.

A compromised kernel does not seem that unlikely. I am not fammilar with Windows, but I assume it supports hotloading code into kernel space (like modules in linux), given this, it would be trivial to get from root in userspace to arbitrary code execution in kernel space.

Between driver signing and kernel patch protection, it's harder than you think. But clearly Microsoft is preparing for that sort of compromise.

If some signed driver is found to have an exploit, is there a mechanism to revoke the signature?

I agree that I would like to see custom OS's be bootable on any device, but Microsoft is merely continuing the trend here. Neither Apple nor most Android manufacturers allow ARM devices to boot custom OS's. What is so special about Microsoft that it is an issue when they do it but not the 2+ years other manufacturers have been doing it?

I think the general objection is that the instruction set of the CPU isn't salient, rather it's the form factor. The Surface is presented more like a laptop than a tablet, and there are some 3rd party manufacturer Windows 8 ARM laptops in the pipeline.

The whole mess around this should be a reminder to us all that it's very, very hard to disentangle social problems from technical problems.

It's easy to disentangle them, they are not inheritenly related. What's hard is convincing some people that social problems don't have technical solutions. The attractiveness of the technical solution is that it is so much easier than the social solution that it just has to exist.

Like the password problem (eg people choosing "password123" as their password). That's an easy technical problem to solve (and in fact is solved). I can't understand why passwords are so easy to crack. It's only a matter of getting everyone to behave differently. <mild sarcasm/>

I would argue that all of the really hard problems in software development[1] (and most technologies) are really hard because they are social in nature, and it is the social nature that makes them so hard.

This is similar to the food production/distribution problem. We create enough food to feed the world, but, due to many geopolitical forces, we can't get the food to all the people that need it. No matter how good we get at growing and shipping food (the technical solution), there is some warlord somewhere who will steal it from his subjects (the social problem).

1. Not computer science. P==NP has nothing to do with Aunt Marge.

That's a great example, thanks for bringing that in. I was more thinking of community management since I'd just been skimming "Building Web Reputation Systems" again and its authors have quite a bit to say about the entanglement of social and technical problems. But like you say, there are a lot of domains where technical problems are entangled with social ones - it's just that those domains are software engineering as a practical discipline, not computer science as a branch of math. My favorite examples are time zones, Unicode, and country names/boundaries.

How many time zones are there in the world? How many will there be next year? Your NTP server needs to know.

How will you store humans' names that can't be expressed with the BMP alone? The iCloud servers need to know.

Is Taiwan a country? How about Kurdistan? Where are the borders of India? Google Maps needs to know.

There is plenty of software that won't have to deal with these problems ... but these problems can be huge headaches, and part of that is because of their nature as both social and technical problems.

Is Taiwan a country? How about Kurdistan? Where are the borders of India? Google Maps needs to know.

Google Maps needing to know is the technical problem, sure. But representing borders is a reasonably solved technical problem. The social problem is people disagree about those things, and Google Maps representing that disagreement (if it can be represented at all) is a secondary concern to third-parties who just want to provide accurate maps. And there's nothing technical that can be done to solve that disagreement. You could very well provide localized Indian borders when viewing Google Maps (which is actually easier to do, and keep updated, with electronic maps than with print maps), or show the areas in dispute as being in dispute, but the issue is that the parties that disagree think everyone else should see it their way (thus the nature of disagreement).

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact