
UEFI Secure Boot Pre-Bootloader Rewritten To Boot All Linux Versions

hypnosec writes "The Linux Foundation's UEFI secure boot pre-bootloader is still in the works, and has been modified substantially so that it allows any Linux version to boot through UEFI secure boot. The reason for modifying the pre-bootloader was that the current version of the loader wouldn't work with Gummiboot, which was designed to boot kernels using BootServices->LoadImage(). Further, the original pre-bootloader had been written using 'PE/Coff link loading to defeat the secure boot checks.' As it stands, anything run by the original pre-bootloader must also be link-loaded to defeat secure boot, and Gummiboot, which is not a link-loader, didn't work in this scenario. This is the reason a re-write of the pre-bootloader was required and now it supports booting of all versions of Linux." Also in UEFI news: Linus Torvalds announced today that the flaw which was bricking some Samsung laptops if booted into Linux has been dealt with.

46 of 185 comments

  1. Microsoft controls compoter booting by ozmanjusri · · Score: 5, Insightful

    The redesigned bootloader has already been submitted to Microsoft for singing and once the signed version is received, The Linux Foundation is planning to provide it for free.

    Why in hell did the world give Microsoft control over computer bootup hardware?

    That's just insane.

    --
    "I've got more toys than Teruhisa Kitahara."
    1. Re:Microsoft controls compoter booting by Xipher · · Score: 5, Insightful

      The alternative is to try and get every motherboard manufacturer to accept a singing key from them. Having Microsoft sign it means they don't have to deal with that headache.

      --
      I don't know everything.
    2. Re:Microsoft controls compoter booting by fph+il+quozientatore · · Score: 4, Insightful

      Why in hell did the world give Microsoft control over computer bootup hardware? That's just insane.

      I am curious - with a huge SSL signing and authorities infrastructure in place, why did no one ever think to use it? That's probably horribly broken in many other ways, but at least it will only take one solution to solve both problems, when someone manages to fix SSL.

      --
      My first program:

      Hell Segmentation fault

    3. Re:Microsoft controls compoter booting by SuricouRaven · · Score: 5, Insightful

      Because Microsoft demanded OEMs give it that control, or else lose their access to dirt-cheap OEM windows licenses. As it is impossible to sell a computer without Windows outside of a very small niche - most users don't even know what an OS is - that gives Microsoft such bargaining power that when they demand, OEMs have no choice but to comply.

    4. Re:Microsoft controls compoter booting by Zemran · · Score: 5, Funny

      I love the idea of singing motherboards :-) it would be much better than this stupid idea that is being forced on us in order to make more money for M$...

      --
      I love stacking my barbecues in the shed at the end of summer - you can't beat a bit of grill on grill action.
    5. Re:Microsoft controls compoter booting by Bob9113 · · Score: 4, Insightful

      Why in hell did the world give Microsoft control over computer bootup hardware?

      Because our government leaders voted that the risk of allowing corporations to inhibit competition was less threatening than the risk of allowing the government to regulate such behavior. It reflects the laissez-faire notion that corrupt elected officials are more dangerous than corrupt corporate executives. Though, in practice, our lax policy regarding such anti-free-market behavior is the result of corrupt corporate executives financing corrupt elected officials.

    6. Re:Microsoft controls compoter booting by Anonymous Coward · · Score: 2, Informative

      Because the alternative is to sign with your own key and enter that into the UEFI firmware. Which you can do. The complaint from some parties is that users are too stupid to do so, so bootloaders 'must' be signed with an existing key.

    7. Re:Microsoft controls compoter booting by Mike+Frett · · Score: 5, Interesting

      I actually sent a very long and detailed letter to the DOJ about this and how it constitutes a violation of the Sherman Act. Not five (5) minutes after sending I received a generic reply about how Microsoft was not in violation of anything.

      With all the E-Mail these people receive and the sheer size of my Letter, there is no way in hell the DOJ read my Letter that fast. What they did was see the word 'Microsoft' and instantly reject it.

      Next week my lawyer is cutting me a deal to rewrite my letter and send it by other means to the right people, we'll see what happens then. Of course I have no money to fight anybody in court, but at least I am trying to get a response that isn't generic.

    8. Re:Microsoft controls compoter booting by EvilIdler · · Score: 5, Interesting

      That could potentially be an article of its own. Hope you post it everywhere :)

    9. Re:Microsoft controls compoter booting by Patch86 · · Score: 3, Insightful

      If he was wrong, it would be nice if they could respond to each point he raised and tell him why he was wrong. Getting a reply which says "trust us, don't worry about it" is always going to be unsatisfying.

    10. Re:Microsoft controls compoter booting by sl4shd0rk · · Score: 2, Interesting

      Why in hell did the world give Microsoft control over computer bootup hardware?

      The world didn't. Microsoft, along with a handful of major hardware vendors, did. This is what monopolies do.

      --
      Join the Slashcott! Feb 10 thru Feb 17!
    11. Re:Microsoft controls compoter booting by Anonymous Coward · · Score: 5, Funny

      It'd be loads more fun to troubleshoot as well.

      fur elise - bad ram check
      oh fortuna - check video card

      etc etc.

      Much easier than beep codes and instills a bit of culture too.

    12. Re:Microsoft controls compoter booting by mrbluze · · Score: 3, Interesting

      Microsoft is in bed with the US government at high levels, so I don't think your letter will go anywhere.

      This is significant. What is the difference between having your computer pwned by some kind of boot-time virus that feeds your info to criminals, to having your computer pwned by some kind of government official who is also a criminal?

      There is no other way to look at this situation than to accept that it is an abrogation of a basic freedom: to run whatever the hell we want on hardware we paid for.

      --
      Do it yourself, because no one else will do it yourself. [beta blockade 10-17 Feb]
    13. Re:Microsoft controls compoter booting by Anonymous Coward · · Score: 4, Interesting

      I think you mean if someone manages to fix SSL. The huge number of SSL signing authorities is its biggest weakness IMHO.

    14. Re:Microsoft controls compoter booting by ozmanjusri · · Score: 2

      No offense, but I don't want to pay for a DOJ that staffs an extra 2,000 people just so that they can read every piece of email that comes in, and respond back with a detailed analysis of all the legal mistakes made.

      If they've already done the investigation, they should include the findings in the automated boilerplate response to any question about secure boot. No additional staff needed.

      --
      "I've got more toys than Teruhisa Kitahara."
    15. Re:Microsoft controls compoter booting by ami.one · · Score: 5, Funny

      Reminds me of the old days when a Linux kernel compile would take 6 hours and we were trying some modifications for VIA hardware which required hundreds of tries with minor changes in the driver code, so we would start the compile with a script to play two different types of music on error or success, and then go to sleep.

      If in the middle of the night it was Dire Straits then we would get up, debug/fix the errors and start a compile again; if it was some soothing instrumental we would continue sleeping, knowing that it's compiled.

    16. Re:Microsoft controls compoter booting by bcmm · · Score: 3, Informative

      It's a misdirection. We direct our anger at untouchable faceless corporations instead of individuals who are actually vulnerable at election time.

      --
      # cat /dev/mem | strings | grep -i llama
      Damn, my RAM is full of llamas.
    17. Re:Microsoft controls compoter booting by isorox · · Score: 2

      The redesigned bootloader has already been submitted to Microsoft for singing and once the signed version is received, The Linux Foundation is planning to provide it for free.

      Why in hell did the world give Microsoft control over computer bootup hardware?

      That's just insane.

      The idea was suggested 16 years ago, you have Stallman to blame.

      Dan would eventually find out about the free kernels, even entire free operating systems, that had existed around the turn of the century. But not only were they illegal, like debuggers—you could not install one if you had one, without knowing your computer's root password. And neither the FBI nor Microsoft Support would tell you that.

    18. Re:Microsoft controls compoter booting by martin-boundary · · Score: 4, Insightful

      No offense, but I don't want to pay for a DOJ that staffs an extra 2,000 people just so that they can read every piece of email that comes in, and respond back with a detailed analysis of all the legal mistakes made.

      I'd prefer they waste their money on that, than use it to prosecute hackers who copy science papers. The money, once in the budget, will be spent regardless. If it _won't_ be spent on serving the public, it _will_ get spent on selfish career making schemes.

    19. Re:Microsoft controls compoter booting by exomondo · · Score: 3, Insightful

      The alternative is to try and get every motherboard manufacturer to accept a singing key from them. Having Microsoft sign it means they don't have to deal with that headache.

      Or to not use secureboot motherboards, or just turn secureboot off and continue on as we do now. Hell, if you really wanted to use Windows 8 you still could; it doesn't need secureboot either, it doesn't even need UEFI.

    20. Re:Microsoft controls compoter booting by maxwell+demon · · Score: 2

      How would entering a bootloader key into a UEFI input box be more complicated than typing a product key into an installer input box, which apparently users managed to do for quite some time?

      --
      The Tao of math: The numbers you can count are not the real numbers.
    21. Re:Microsoft controls compoter booting by Anonymous Coward · · Score: 5, Funny

      Standard boot message:
      "Is this the real life?
      Is this just fantasy?
      Caught in a landslide
      No escape from reality..."

      Oh so many lines from that song would make great kernel error messages.

    22. Re:Microsoft controls compoter booting by mrchaotica · · Score: 2
      1. Step 1: Create SecureBoot, and make it "optional"
      2. Step 2: Make SecureBoot mandatory on ARM
      3. Step 3: As the market continues to shift towards phones and tablets, let x86 compatibility become obsolete
      4. Step 4: There is no step 4; Linux is now locked out of all new hardware

      We're at step 2 already and step 3 is inevitable. That means we've already lost.

      --
      "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

    23. Re:Microsoft controls compoter booting by ami.one · · Score: 3, Interesting

      That didn't work because we were developing a thin client type of consumer device on VIA micro boards which had to do network boot with the kernel delivered by the ISP over the network and it was not possible to have a mounted rootfs - so almost everything required was in the kernel. On top of that VIA had notoriously difficult code for its drivers which would get modified by us with almost no knowledge & just trial and error. Good times.

    24. Re:Microsoft controls compoter booting by ZorinLynx · · Score: 4, Interesting

      Why not allow the owner of the motherboard to sign their own code? This could be done at OS install, then if any malware modifies the code, it won't boot.

      Giving control to the manufacturer just sounds wrong.

    25. Re:Microsoft controls compoter booting by maxwell+demon · · Score: 2

      Users who don't install an operating system also won't need to add a key to the firmware.

      --
      The Tao of math: The numbers you can count are not the real numbers.
    26. Re:Microsoft controls compoter booting by TheGratefulNet · · Score: 3, Funny

      spill some coffee on the motherboard and it's:

      thunderbolts and lightning,
      very very frightening...

      --
      "It is now safe to switch off your computer."
    27. Re:Microsoft controls compoter booting by TheGratefulNet · · Score: 2

      if ARM and x86 become a no-go, I suppose there's always a cluster of Arduinos and the eventual port of Linux to them.

      (yes, I'm kidding. I'm pretty sure I'm kidding..)

      --
      "It is now safe to switch off your computer."
    28. Re:Microsoft controls compoter booting by Just+Brew+It! · · Score: 2

      Some people have reported that a dab of hot glue on the coils will quiet them down. (Caveat: I have not personally tried this.)

    29. Re: Microsoft controls compoter booting by Just+Brew+It! · · Score: 2

      Good luck with that. Asus (largest motherboard maker) isn't very Linux friendly. They sometimes use semi-custom chips for peripheral functions (USB 3.0, temperature monitoring, etc.) and won't release specs to the FOSS community. The FOSS drivers do catch up eventually, but it means using a recent Asus motherboard is often a crapshoot with regards to Linux driver support. If this is how they deal with device drivers, I can't imagine them being particularly receptive to any requests to include Linux boot keys in the BIOS.

      In any case, MS would probably claim that pre-installing Linux boot keys is a security hole, and convince the mobo makers not to do it.

    30. Re:Microsoft controls compoter booting by TheGratefulNet · · Score: 2

      the classic was always "keyboard not found: hit any key to continue."

      --
      "It is now safe to switch off your computer."
  2. Alternatives by fyngyrz · · Score: 5, Insightful

    Well, actually, another alternative is for motherboard manufacturers to continue to make motherboards that boot the same way as they have for some time. So older, fully functional operating systems can continue to boot.

    Of course, this would allow us to continue to use those fully functional OSs, and remove a goodly portion of the incentive to upgrade... so one might, if one were cynical, imagine that there is a corporate motive at work here.

    --
    I've fallen off your lawn, and I can't get up.
    1. Re:Alternatives by Anonymous Coward · · Score: 4, Informative

      Which they do. Every motherboard out there can have its secure boot disabled by the user, in addition they should all accept custom keys.

    2. Re:Alternatives by nojayuk · · Score: 3, Informative

      Not implementing UEFI means the mobos can't be used in a production environment where they can receive the coveted "Windows 8 Ready" approval for millions of customers in the coming years. Continuing with the older BIOS system means they can easily boot alternative OSes for a few thousand enthusiast customers (who can in fact use UEFI anyway) but they lose the much bigger market. Decisions decisions...

      Mobos are megacheap for what they do because of the numbers of each model that are built; a custom mobo with classic BIOS to specifically support Linux or other open OSes would cost hundreds of bucks per unit produced in limited quantities. At that point a cost-benefit analysis says "pay the damn Microsoft tax already!"

    3. Re:Alternatives by Simon+Brooke · · Score: 4, Interesting

      Mobos are megacheap for what they do because of the numbers of each model that are built; a custom mobo with classic BIOS to specifically support Linux or other open OSes would cost hundreds of bucks per unit produced in limited quantities. At that point a cost-benefit analysis says "pay the damn Microsoft tax already!"

      While in practice the pragmatics of the situation are that you are right, in principle I believe that we should be talking to the anti-trust authorities, on both sides of the Atlantic, because this is very clear abuse of monopoly. Unless, of course, Microsoft irrevocably commits to authorise any version of any competing operating system for free, in which case the whole point of secure boot has just vanished.

      --
      I'm old enough to remember when discussions on Slashdot were well informed.
  3. Re:Isn't this, "also Linux works round Samsung bug by ProfMobius · · Score: 5, Informative
    Agreed. From http://www.jakobheinemann.de/en/blog.html :

    The implementation in Samsung's UEFI shows some weird behavior. Error code EFI_INVALID_PARAMETER should only be returned if one of the given pointers to variables is NULL and pointing to an invalid memory section. Samsung's implementation also throws this error if the given memory block size is not exactly 128 bytes, so for example (like the Linux efivars module does) 1024 bytes. The Linux module does not expect the strange error code (it checks for NULL pointers itself) and does not report any UEFI variables, no boot entries, no nothing. The installer accepts that and installs the Linux boot entry into the first slot, where actually the boot entry for the setup is located, overwriting that entry! Setup is dead since Linux took its boot entry.

    It does look like the Samsung implementation is doing weird things and Linux is doing weird things in return because it is expecting it to follow standards...

    --
    EULA : By reading the above message, you agree that I now own your soul.
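    The failure chain quoted above, as an added example that is neither the blog author's code nor the Linux efivars driver: a constructed model of a firmware GetNextVariableName() (with a switch that reproduces the "buffer must be exactly 128 bytes" quirk), an enumerator that treats any error as "no variables", and one that only ends the list on EFI_NOT_FOUND, grows the buffer on EFI_BUFFER_TOO_SMALL, and refuses to proceed on anything else. Status values, variable names and the 128-byte rule are stand-ins for the purpose of the model.

    ```c
    #include <stdio.h>
    #include <stdlib.h>
    #include <string.h>

    /* Illustrative status codes (real EFI_STATUS error values also carry the high bit). */
    typedef unsigned long EFI_STATUS;
    #define EFI_SUCCESS            0
    #define EFI_INVALID_PARAMETER  2
    #define EFI_BUFFER_TOO_SMALL   5
    #define EFI_NOT_FOUND          14

    /* Constructed variable store; names are plain C strings instead of UCS-2. */
    static const char *kStore[] = { "Boot0000", "Boot0001", "BootOrder", "SecureBoot" };
    #define NSTORE 4

    /* Model of firmware GetNextVariableName(): an empty name asks for the first entry,
     * otherwise the entry after the given name. quirk=1 reproduces the behaviour the
     * post describes: any *name_size other than 128 is rejected as an invalid parameter. */
    static EFI_STATUS fw_get_next_variable_name(int quirk, size_t *name_size, char *name)
    {
        int idx = -1, i;
        size_t need;
        if (name_size == NULL || name == NULL) return EFI_INVALID_PARAMETER;
        if (quirk && *name_size != 128) return EFI_INVALID_PARAMETER;
        if (name[0] == '\0') idx = 0;
        else for (i = 0; i < NSTORE; i++) if (strcmp(kStore[i], name) == 0) idx = i + 1;
        if (idx < 0) return EFI_INVALID_PARAMETER;   /* name not in the store */
        if (idx >= NSTORE) return EFI_NOT_FOUND;     /* legitimate end of list */
        need = strlen(kStore[idx]) + 1;
        if (*name_size < need) { *name_size = need; return EFI_BUFFER_TOO_SMALL; }
        strcpy(name, kStore[idx]);
        return EFI_SUCCESS;
    }

    /* Enumerator that treats any non-success status as "done": with the quirk and a
     * 1024-byte buffer it reports zero variables, which is what the installer acted on. */
    static int enumerate_naive(int quirk, size_t bufsize)
    {
        char *name = malloc(bufsize);
        int count = 0;
        if (!name) return -1;
        name[0] = '\0';
        for (;;) {
            size_t req = bufsize;
            if (fw_get_next_variable_name(quirk, &req, name) != EFI_SUCCESS) break;
            count++;
        }
        free(name);
        return count;
    }

    /* Checked enumerator: returns the count, or -1 so the caller can refuse to
     * create or overwrite boot entries when the firmware answers unexpectedly. */
    static int enumerate_checked(int quirk, size_t bufsize)
    {
        size_t size = bufsize;
        char *name = malloc(size);
        int count = 0;
        if (!name) return -1;
        name[0] = '\0';
        for (;;) {
            size_t req = size;
            EFI_STATUS st = fw_get_next_variable_name(quirk, &req, name);
            if (st == EFI_BUFFER_TOO_SMALL) {          /* grow to the size asked for, retry */
                char *p = realloc(name, req);          /* realloc keeps the cursor name */
                if (!p) { free(name); return -1; }
                name = p; size = req;
                continue;
            }
            if (st == EFI_NOT_FOUND) break;            /* the only valid end of list */
            if (st != EFI_SUCCESS) { free(name); return -1; }
            count++;
        }
        free(name);
        return count;
    }
    ```
    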
  4. Samsung UEFI by Anonymous Coward · · Score: 2, Interesting

    So ... does this mean Windows installs are just as vulnerable to a malicious piece of code poking bits to the wrong memory addresses and bricking the laptop? Since it's a UEFI problem, it should be OS-agnostic.

  5. Re: samsung by Gaygirlie · · Score: 2

    Later on in the thread someone said that clearing NVRAM is enough to fix the brick, i.e. either remove the NVRAM battery or otherwise prevent it from refreshing the NVRAM for 30 seconds and you're golden. Granted, that still requires opening up the whole laptop.

  6. Samsung's response? by harryjohnston · · Score: 3, Interesting

    Has anybody seen confirmation that Samsung will be repairing affected users' machines under warranty? Definitely a design fault; it should be impossible for software to brick hardware.

  7. Nothing Has Been Fixed With Samsung Laptops by segedunum · · Score: 5, Informative

    I don't know where people get that idea from. If you read the kernel people are just disabling the driver because the code is so utterly retarded. Samsung haven't done shit about it as is typical for Samsung.

  8. Re:Can't you just disable secure-boot? by maxwell+demon · · Score: 2

    On x86, you can -- for now. On ARM, you can't -- at least if it is Windows 8 certified.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  9. There is the key problem.. by Junta · · Score: 2

    The concept of 'SecureBoot' is inherently unable to accommodate user keys very well. The reason being that the ability to write the keystore from the OS in a straightforward manner makes it, by definition, powerless. Now it could be mucked with so that for desktop systems you request some one-time passphrase from firmware setup and then use that in the OS to push your key. For servers you could use the ability to authenticate to the service processor as a key (the complication being that it would have to be a credential beyond the reach of IPMI KCS type interfaces, since that's not securable).

    Ultimately though, the whole concept of secureboot as the mechanism to always protect the boot sequence is flawed. Thinking about the larger picture proves this out. The more precisely a security mechanism can model the authentic intent of the authorized user, the better. SecureBoot as defined can only model the vendor's intent, which has to be fairly wide open. Some people have said that this could protect the integrity of SELinux, but then again malicious policy data could be fed in. You could argue that perhaps they can at least be tamper-evident with an audit log, which is critical but not ambitious enough.

    What they should have emphasized was a mechanism where the firmware and OS work together with the TPM. The authorized OS takes ownership of the TPM and from then on the boot process is protected in that way. Offline attacks can be meaningfully mitigated to a significant degree, which SecureBoot really cannot. The OS would require a passphrase to sign the kernel, initrd, and loader configuration file. The model wouldn't scale up beyond that, but the likes of LUKS could actually meaningfully take it from there to assure a tamper-proof filesystem and hibernate memory images.

    --
    XML is like violence. If it doesn't solve the problem, use more.
    1. Re:There is the key problem.. by maxwell+demon · · Score: 2

      The key installation process could remain completely in the BIOS. First, the OS verifies the boot image with the installed keys. If that fails, it looks for the key in a standardized location. If no key has yet been installed (which means this is the initial installation boot) it just installs that key. Otherwise, it asks the user for a fingerprint of the key, which for bought OS versions can be entered from the installation instructions (very much like the product key today), and for self-signed bootloaders you'd just generate that from the key. Note that at this point no operating system is yet running so unless the BIOS itself is compromised (in which case all protection it might have provided is gone anyway) there's no way any malware could interfere with that process (of course it also must be secured that the initial installation state cannot be reached again except from within the BIOS).

      For pre-installed computers, the initial installation would be done by the vendor; if the user wants to install an operating system with another key than the pre-installed one (e.g. wants to switch from Windows to Linux), all he has to do is to enter a key fingerprint found in the documentation when booting up the install disk. For computers bought without OS, even that step is not needed.

      I don't know much about servers, but I guess they are generally sold either without OS, or preinstalled with the OS intended to be used. In both cases, there would be no need for user interaction.

      This scheme of course leaves a small hole in that you might install your initial OS from compromised installation media (for subsequent installations, that would be caught by the need to enter the fingerprint, unless you are switching vendors and also the documentation was compromised). However I don't think that risk is much higher than the risk of having a compromised BIOS, especially given that end user computers are generally sold pre-installed.

      --
      The Tao of math: The numbers you can count are not the real numbers.
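      The enrolment flow proposed in the comment above, as an added example that is not the commenter's code: a constructed model in which a "key" is just its bytes as a string, a "signature" is the key that signed the image, and the fingerprint is a stand-in FNV-1a hash rather than a hash of a real public key. It shows the four steps (verify with the installed key, look for a key at the standardised location, trust on first use when no key is installed, otherwise require the fingerprint) and that only firmware setup can return to the initial state.

      ```c
      #include <stdint.h>
      #include <stdio.h>
      #include <string.h>

      typedef struct {
          char enrolled[64];   /* key the firmware currently trusts; "" = none yet */
          int  initial_done;   /* once set, only firmware_setup_reset() can clear it */
      } firmware_t;

      typedef struct {
          const char *signer;     /* key that signed the boot image (stand-in for a signature) */
          const char *media_key;  /* key at the standardised location on install media, or NULL */
      } boot_media_t;

      enum verdict { BOOT_TRUSTED, BOOT_ENROLLED_INITIAL, BOOT_ENROLLED_BY_FINGERPRINT,
                     REFUSED_NO_KEY, REFUSED_SIGNATURE, REFUSED_BAD_FINGERPRINT };

      /* Stand-in fingerprint (FNV-1a 64 as 16 hex chars). A real design would print a
       * cryptographic hash of the public key in the documentation. */
      static void fingerprint(const char *key, char out[17])
      {
          uint64_t h = 1469598103934665603ULL;
          const unsigned char *p;
          for (p = (const unsigned char *)key; *p; p++) { h ^= *p; h *= 1099511628211ULL; }
          snprintf(out, 17, "%016llx", (unsigned long long)h);
      }

      static int signed_by(const boot_media_t *m, const char *key)
      {
          return key[0] != '\0' && strcmp(m->signer, key) == 0;
      }

      static enum verdict firmware_boot(firmware_t *fw, const boot_media_t *m, const char *typed_fp)
      {
          char fp[17];
          /* 1. Normal path once a key is enrolled: verify the image against it. */
          if (signed_by(m, fw->enrolled)) return BOOT_TRUSTED;
          /* 2. Otherwise look for a key at the standardised location. */
          if (!m->media_key) return REFUSED_NO_KEY;
          if (!signed_by(m, m->media_key)) return REFUSED_SIGNATURE;  /* offered key doesn't match image */
          /* 3. Initial installation: trust on first use. This is the hole the comment admits:
           *    compromised initial media is accepted without any user confirmation. */
          if (!fw->initial_done) {
              strncpy(fw->enrolled, m->media_key, sizeof fw->enrolled - 1);
              fw->initial_done = 1;
              return BOOT_ENROLLED_INITIAL;
          }
          /* 4. Changing keys later requires the fingerprint from the documentation
           *    (or one the user generated from their own key). */
          fingerprint(m->media_key, fp);
          if (!typed_fp || strcmp(fp, typed_fp) != 0) return REFUSED_BAD_FINGERPRINT;
          strncpy(fw->enrolled, m->media_key, sizeof fw->enrolled - 1);
          return BOOT_ENROLLED_BY_FINGERPRINT;
      }

      /* Only firmware setup may return to the initial state; the OS has no such call. */
      static void firmware_setup_reset(firmware_t *fw) { memset(fw, 0, sizeof *fw); }

      int main(void)
      {
          firmware_t fw;
          boot_media_t vendor = { "VENDOR-KEY", "VENDOR-KEY" };   /* constructed sample keys */
          boot_media_t distro = { "DISTRO-KEY", "DISTRO-KEY" };
          char fp[17];
          firmware_setup_reset(&fw);
          printf("first boot: %d\n", firmware_boot(&fw, &vendor, NULL));          /* 1 = enrolled */
          printf("switch, no fingerprint: %d\n", firmware_boot(&fw, &distro, NULL)); /* 5 = refused */
          fingerprint("DISTRO-KEY", fp);
          printf("switch, fingerprint: %d\n", firmware_boot(&fw, &distro, fp));   /* 2 = enrolled */
          return 0;
      }
      ```
      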
  10. Re:Isn't this, "also Linux works round Samsung bug by IAmR007 · · Score: 2

    I just hope this doesn't end up like ACPI, where everything is broken and only companies with secret specs can be made to work easily.

  11. Samsung didn't follow the standard. Linux did. by raymorris · · Score: 4, Interesting

    Linux followed the UEFI standard. Samsung did not. Unambiguous foul on Samsung.

    More specifically, Samsung tried to implement version 2 of the standard and advertised it as version 2, but accidentally left in code which required version 1 behavior. Additionally, if an OS implemented version 2, when Samsung's firmware got confused, it didn't throw the proper error message, but instead returned its own address to be overwritten. So at least two failures on Samsung's part. Linux simply followed the standard as written.

  12. Re:Yeah by Microlith · · Score: 3, Informative

    It is not written into the UEFI spec. In fact, the UEFI specification makes no such statements with respect to it being possible to disable secure boot, only how it is supposed to work. That was done deliberately.

    The only reason you can even turn off secure boot on hardware now is because Microsoft caught shit for the first pass of their guidelines that left it up to OEMs whether or not users would be able to turn off secure boot. Had they left it like that, you can guarantee that Samsung et al. would have locked every laptop and desktop they shipped with Windows 8 and you would never actually own your PC again.

    I bet Samsung is more pissed that Microsoft changed it so they had to allow for unlocks than they are at their own developers.