Slashdot Mirror


Dual Boot Not Trusted, Rejected By Vista SP1

Alsee writes "Welcome to our first real taste of Trusted Computing: With Vista Enterprise and Vista Ultimate, Service Pack 1 refuses to install on dual boot systems. Trusted Computing is one of the many things that got cut from Vista, but traces of it remain in BitLocker, and that is the problem. The Service Pack patch to your system will invalidate your Trust chain if you are not running the Microsoft-approved Microsoft-trusted boot loader, or if you make other similar unapproved modifications to your system. The Trust chip (the TPM) will then refuse to give you your key to unlock your own hard drive. If you are not running BitLocker then a workaround is available: Switch back to Microsoft's Vista-only boot mode, install the Service Pack, then reapply your dual boot loader. If you are running BitLocker, or if Microsoft resumes implementing Trusted Computing, then you are S.O.L."
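The mechanism the summary describes (a changed boot loader breaks the trust chain, so the TPM withholds the disk key) can be modelled in a few lines. This is an added example, not part of the original post or of any Microsoft code: it uses the TPM 1.2 SHA-1 extend rule on a single PCR, and `ToyTPM`, `measure_boot` and the boot-stage byte strings are constructed stand-ins, not a real TPM interface or real boot code.

```python
import hashlib
import hmac

PCR_SIZE = 20  # a TPM 1.2 PCR holds one SHA-1 digest

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend rule: new = SHA1(old || SHA1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()

def measure_boot(chain: list[bytes]) -> bytes:
    """Replay a boot: start from a zeroed PCR and extend each stage in order."""
    pcr = bytes(PCR_SIZE)
    for stage in chain:
        pcr = extend(pcr, stage)
    return pcr

class ToyTPM:
    """Toy seal/unseal model (assumption: one PCR, no real TPM commands)."""
    def __init__(self):
        self._sealed = None

    def seal(self, secret: bytes, pcr_at_seal: bytes) -> None:
        self._sealed = (secret, pcr_at_seal)

    def unseal(self, current_pcr: bytes):
        if self._sealed is None:
            return None
        secret, expected = self._sealed
        return secret if hmac.compare_digest(expected, current_pcr) else None

# Constructed stand-ins for the code measured at each boot stage.
FIRMWARE = b"constructed: platform firmware"
VISTA_MBR = b"constructed: Vista MBR boot code"
GRUB_MBR = b"constructed: GRUB stage1 in the MBR"
BOOTMGR = b"constructed: Windows boot manager"

def demo() -> dict:
    trusted = [FIRMWARE, VISTA_MBR, BOOTMGR]
    tpm = ToyTPM()
    tpm.seal(b"constructed volume key", measure_boot(trusted))
    return {
        "vista": tpm.unseal(measure_boot(trusted)),
        "grub": tpm.unseal(measure_boot([FIRMWARE, GRUB_MBR, BOOTMGR])),
        "restored": tpm.unseal(measure_boot(trusted)),  # MBR put back
    }
```

Because each extend hashes the previous PCR value, a single changed stage alters the final value, and putting the original boot code back reproduces the sealed value exactly.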

20 of 525 comments

  1. Re:You can use the Vista boot loader by Foofoobar · · Score: 5, Insightful

    Dual boot systems generally aren't a pain to set up (unless you load Windows second and it overwrites your boot sector). Dual boots are well documented and many people know to load Windows first and then load Linux second and replace the boot sector with LILO or GRUB so you can boot into your choice. It's only Windows that doesn't give choice (as per usual).

    --
    This is my sig. There are many like it but this one is mine.
  2. Re:But what if... by ivan256 · · Score: 5, Insightful

    Of course, the article says the problem exists even if you don't have the encryption enabled.... However it looks like what happens in that case is the same as what's always happened when a Windows update contains an MBR change: It overwrites your third party bootloader. (Or in this latest case, forces you to do it yourself manually).

    I'm failing to see why this is a big deal. Software is in place to check for a piece of third party code intercepting your encryption key... It successfully detects GRUB as such software, and stops. So what?

  3. Linux under windows = untrusted too by CarpetShark · · Score: 5, Insightful

    It's possible to use the Vista bootloader to chainload GRUB

    In which case you can no longer trust Linux.

  4. It has a bootloader update. by Timothy Brownawell · · Score: 4, Insightful

    "However, it's actually a very good thing that the update and the servicing fail in this scenario, because you can just imagine the implications if the update automatically reinstalled the Vista MBR to restore boot integrity - we'd be flooded with complaints."

    So... yeah. Anyone technical enough to change their bootloader should know how to put it back temporarily so it can get updated.

    If you are running BitLocker, or if Microsoft resumes implementing Trusted Computing, then you are S.O.L.

    I thought that was the entire point of BitLocker - don't unlock things unless you know that you're not running on top of some evil VM.

  5. How is this news? by vux984 · · Score: 5, Insightful

    Vista's security chain works as designed and intended, preventing you from injecting an untrusted bootloader into the bootstrap. Isn't that what we -want- from our security systems? This isn't a case of "Microsoft" holding our data hostage, this is a case of our own security policies WORKING.

    If I were to be running Linux, with equivalent protection, I'd be right pissed if it could be trivially rootkitted/bypassed by swapping in a malicious bootloader.

    The ONLY flaw I see in the entire Vista/TPM system is that users don't seem to have a way of manually trusting things they genuinely want to trust. If it hasn't been blessed by MS it's not trusted -- that's a fine policy for general users, but if I, as the hardware want to trust a specific bit of code (e.g. the Linux boot loader) then I should be able to manually sign it somehow, and add my personal key to my personal install of Vista. And then the GRUB bootloader I signed will be trusted on my (and only my) PC.

    All the 'chatter on the internets' is currently centered around how to disable UAC, how to disable driver signing, how to go back to running Windows as insecurely as possible. I would prefer to see the discussion take a more intelligent direction -- how to obtain keys/certificates, how to add them to Vista's chain of trust on a per PC or per domain basis, and how to sign code with them.

    Signed drivers are a FANTASTIC idea. Not being able to sign drivers myself for my own hardware is EVIL. But MS --does-- have programs in place to let you sign code with 'development drivers' which are designed to only be valid on your PC... it's just that most of the discussion surrounding the issue is how to disable it, and how evil MS is for deciding what is blessed and what is not.

    I mean, take Stallman, even -he- who wrote the GPLv3 in part to counter DRM isn't against code signing. He just requires that the keys necessary to sign code be included, so the owner of the hardware and user of GPLv3 code can sign it, and thereby be free to make modifications and exercise all the freedoms intended by the GPL.

    1. Re:How is this news? by petermgreen · · Score: 5, Insightful

      I mean, take Stallman, even -he- who wrote the GPLv3 in part to counter DRM isn't against code signing. He just requires that the keys necessary to sign code be included, so the owner of the hardware and user of GPLv3 code can sign it, and thereby be free to make modifications and exercise all the freedoms intended by the GPL.

      Right, which is the antithesis of what "trusted computing" is all about. Trusted computing is all about allowing vendors like Microsoft to trust the computer to work in their partners' interests rather than the user's.

      --
      note: I'm known as plugwash most places but I screwed up registering that here somehow in the past and now can't register
    2. Re:How is this news? by hayalci · · Score: 5, Insightful

      Vista's security chain works as designed and intended, preventing you from injecting an untrusted bootloader into the bootstrap. Isn't that what we -want- from our security systems? This isn't a case of "Microsoft" holding our data hostage, this is a case of our own security policies WORKING.

      If I were to be running Linux, with equivalent protection, I'd be right pissed if it could be trivially rootkitted/bypassed by swapping in a malicious bootloader.

      If the attacker can install a bootloader, that means you were rooted and your precious data can be grabbed from the memory of the program that happens to be using it.

      If the bootloader is installed while the OS is not running, that means you do not have adequate physical security.

      --
      hayalci
  6. Re:Not trusted for a reason by Anonymous Coward · · Score: 5, Insightful

    That's great...

    Except for the fact that it happens on any system that CAN run BitLocker, rather than any system ACTUALLY running BitLocker.

    So if you're trying to dual-boot between Linux and Vista Business/Ultimate and you have a TPM-capable machine, forget it: you're locked out until you restore the Vista bootloader.

    Even if you're not using BitLocker.
    Even if you've never even installed BitLocker.

  7. Re:But what if... by Cley Faye · · Score: 4, Insightful

    I'm failing to see why this is a big deal. Software is in place to check for a piece of third party code intercepting your encryption key... It successfully detects GRUB as such software, and stops. So what?

    When you don't have the choice to disable this "option", it IS a big deal.

  8. Re:Not trusted for a reason by Applekid · · Score: 5, Insightful

    That being said, there should be a way to register other trusted signature keys in Vista to allow 3rd party boot loaders. I don't know if there is or not, but there should be.

    That's exactly what's wrong with the Trusted Computing initiative that the major players (Microsoft, Intel, etc) are implementing: they don't trust YOU to make those kinds of decisions to trust 3rd parties.

    http://www.againsttcpa.com/

    --
    More Twoson than Cupertino
  9. Re:You can use the Vista boot loader by RpiMatty · · Score: 5, Insightful

    Put Windows on the first hard drive, then install Linux on the second hard drive. Set up GRUB so it chainloads the Windows boot record (for one of the options), and finally make your BIOS boot off the second hard drive.
    Then Windows is happy and ignorant of its true surroundings.
    That's how my dual-boot desktop at home is set up.

  10. Re:But what if... by Nikker · · Score: 5, Insightful

    When you explicitly check the MBR and have an infrastructure to stop your hardware from operating based on its check ... that's not a bug ;)

    --
    A loop, by its nature, continues. If that didn't make sense, start reading this sentence again.
  11. Re:Affects crack? by Anonymous Coward · · Score: 5, Insightful

    You know, I had to use that crack to get my copy of Vista reinstalled (all the partitions got wiped out, including the OEM one), because it refused to use my OEM key without the OEM partition, and simply wouldn't activate. So, I had to crack my already-paid-for copy of Vista. Oh, sure, I could have gone and sent it back (to Acer, yeah right), or called Microsoft, but isn't it funny that I get a better "customer service experience" from cracked software?

    Posting anonymous for the above reasons.

  12. Re:That's why I don't use Vista by Red Flayer · · Score: 5, Insightful

    Problem is, Microsoft don't understand the definition of computer ownership.

    No, they just disagree who the owner is :)

    --
    "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  13. It is by design... by kosmosik · · Score: 4, Insightful

    This is by design. If you are into the secure boot stuff you'll know why.

    This is not about DRM and such (but may be) but about *your* data encrypted by BitLocker (the DRM is about protecting *somebody else's* data from you - that is why it is flawed concept).

    Right now there are some kinds of attacks that let you compromise the entire system right from boot (using other than approved bootloader and unsecure boot process) putting it into a hypervisor and thus being able to retrieve keys and such directly from memory.

    In fact I don't see any other option as to control entire boot process. And if you wish to control it you need to use tools that support it.

    So in fact it is not a Bad Thing. It could be a bad thing if you are casual-security user - but this 'casual security' is not so secure isn't it?

    I bet BitLocker documentation covers that. But why bother checking? It is better to set the "secure" option to "on" and dumbly believe it.

  14. Re:You can use the Vista boot loader by jedidiah · · Score: 5, Insightful

    That's nice. The Windows idea of supporting it is "go look on technet" versus the Linux version where it's already built-in and configuration is done for you automatically.

    This is precisely the stupidity that Windows trolls like to accuse Linux of subjecting the end user to.

    --
    A Pirate and a Puritan look the same on a balance sheet.
  15. Re:But what if... by Kuciwalker · · Score: 5, Insightful

    You do have a choice. The choice is called "turn off BitLocker". Inherently the BitLocker feature is worthless if it allows you to run an arbitrary bootloader.

  16. Re:Only a problem if you have TPM? by WarwickRyan · · Score: 4, Insightful

    > Never Trust Trustworthy computing. it hasn't earned it.

    Trusted Computing.

    There's a big difference between Trusted and Trustworthy. As this update proves.

  17. Re:But what if... by Sj0 · · Score: 5, Insightful

    [...]they'll either use rubber hose cryptanalysis[...]

    So that's just DoJ thugs coming to your house and whipping you with a rubber hose until you tell them the password, right?

    I'm so glad we torture now. I feel so much safer knowing we've got that weapon at our disposal.

    --
    It's been a long time.
  18. Re:But what if... by dpilot · · Score: 5, Insightful

    MOST Microsoft customers will be perfectly happy with that level of intrusive control, and won't even realize it's there. It's only that lunatic fringe that thinks that they actually *own* the computer that they paid money for, and want to dual-boot, that will realize that something is amiss at the Circle K.

    --
    The living have better things to do than to continue hating the dead.