Slashdot Mirror

← Back to Stories (view on slashdot.org)

Dual Boot Not Trusted, Rejected By Vista SP1

Posted by timothy on from the that's-south-of-luckless dept.

Alsee writes "Welcome to our first real taste of Trusted Computing: With Vista Enterprise and Vista Ultimate, Service Pack 1 refuses to install on dual boot systems. Trusted Computing is one of the many things that got cut from Vista, but traces of it remain in BitLocker, and that is the problem. The Service Pack patch to your system will invalidate your Trust chain if you are not running the Microsoft-approved Microsoft-trusted boot loader, or if you make other similar unapproved modifications to your system. The Trust chip (the TPM) will then refuse to give you your key to unlock your own hard drive. If you are not running BitLocker then a workaround is available: Switch back to Microsoft's Vista-only boot mode, install the Service Pack, then reapply your dual boot loader. If you are running BitLocker, or if Microsoft resumes implementing Trusted Computing, then you are S.O.L."

4 of 525 comments (clear)

  1. Vista and Mac OS? by TheMidnight · · Score: 5, Interesting

    Has anyone tried this with Boot Camp? I had no problems with Mac OS X and FileVault dual-booting with either XP SP2 or Vista base.

  2. Not trusted for a reason by naoursla · · Score: 5, Interesting

    If you are using BitLocker then you want your data to be secure. There are probably ways that a compromised boot loader can allow an attacker access to your data. Vista closes this security hole by requiring the boot loader to be a cryptographically signed binary that it trusts. If it didn't, this story would instead be "Vista BitLocker encryption not secure on dual boot systems".

    That being said, there should be a way to register other trusted signature keys in Vista to allow 3rd party boot loaders. I don't know if there is or not, but there should be.

  3. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  4. Re:But what if... by Sancho · · Score: 5, Interesting

    Not at all true. Security isn't binary. Bitlocker alone will stop 99% of attackers who try to get at your data through physical access. The rest probably won't bother with a trojan bootloader--they'll either use rubber hose cryptanalysis or a hardware keylogger, depending upon how stealthy they want to be.

    I don't see a problem with Bitlocker using TPM in this way at all. But it should allow me to disable the bootloader check if I so choose.