"Golden key" leaked by MS, secureboot is not secure anymore.

Elixer

Lifer
May 7, 2002
https://rol.im/securegoldenkeyboot/

Now, for Microsoft's screwups. During the development of Windows 10 v1607 'Redstone', MS added a new type of secure boot policy. Namely, "supplemental" policies that are located in the EFIESP partition (rather than in a UEFI variable), and have their settings merged in, dependent on conditions (namely, that a certain "activation" policy is also in existence, and has been loaded in).

Redstone's bootmgr.efi loads "legacy" policies (namely, a policy from UEFI variables) first. At a certain time in Redstone dev, it did not do any further checks beyond signature / deviceID checks. (This has now changed, but see how the change is stupid.) After loading the "legacy" policy, or a base policy from the EFIESP partition, it then loads, checks and merges in the supplemental policies.

See the issue here? If not, let me spell it out to you plain and clear. The "supplemental" policy contains new elements, for the merging conditions. These conditions are (well, at one time) unchecked by bootmgr when loading a legacy policy. And bootmgr of Win10 v1511 and earlier certainly doesn't know about them. To those bootmgrs, it has just loaded in a perfectly valid, signed policy.

Whoops!
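As an added illustration (not code from this thread or from the rol.im write-up), a small Python model of the two loader behaviours described above: the older bootmgr that verifies the signature and ignores elements it does not know about, beside a fail-closed loader that treats a policy carrying merge conditions as supplemental and refuses it unless its activation policy is already loaded. The policy layout, the settings names and the signature scheme (HMAC standing in for the real RSA signature) are constructed for the model.

```python
import hmac, hashlib, json

# Constructed stand-in for the signing key. Real policies are RSA-signed by
# Microsoft; HMAC is used here only so the example runs offline.
SIGNING_KEY = b"constructed-demo-signing-key"

def sign_policy(policy: dict) -> bytes:
    """Sign the canonical encoding of a policy (constructed stand-in)."""
    body = json.dumps(policy, sort_keys=True).encode()
    return hmac.new(SIGNING_KEY, body, hashlib.sha256).digest()

def signature_ok(policy: dict, sig: bytes) -> bool:
    return hmac.compare_digest(sign_policy(policy), sig)

def load_legacy(policy: dict, sig: bytes, activation_loaded: bool = False):
    """Model of the older bootmgr: verify the signature, apply 'settings',
    and silently ignore any element it does not know about."""
    if not signature_ok(policy, sig):
        return None
    return policy.get("settings", {})  # 'merge_conditions' is never inspected

def load_fail_closed(policy: dict, sig: bytes, activation_loaded: bool = False):
    """Hardened model: a signed policy carrying merge conditions is a
    supplemental policy and is only applied on top of a loaded activation
    policy; unknown elements are treated as a parse failure."""
    if not signature_ok(policy, sig):
        return None
    if set(policy) - {"settings", "merge_conditions"}:
        return None  # unknown element: refuse rather than guess
    conditions = policy.get("merge_conditions")
    if conditions is not None:
        if not activation_loaded or "requires_activation" not in conditions:
            return None  # supplemental policy without its activation policy
    return policy.get("settings", {})

# Constructed supplemental policy: its settings relax enforcement and it is
# meant to be merged only when the named activation policy is present.
SUPPLEMENTAL = {
    "settings": {"enforce_signed_boot_apps": False},
    "merge_conditions": {"requires_activation": "placeholder-activation-id"},
}

if __name__ == "__main__":
    sig = sign_policy(SUPPLEMENTAL)
    print("legacy loader applies:", load_legacy(SUPPLEMENTAL, sig))
    print("fail-closed loader applies:", load_fail_closed(SUPPLEMENTAL, sig))
```

The legacy model accepts the supplemental policy as a valid base policy because the signature is fine and the extra element is invisible to it; the fail-closed model applies the same settings only once the activation policy has been loaded.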

sn8ke

Member
Sep 19, 2004
Defective By Design.

Seems keys weren't actually leaked, as in no one can sign things as MS, but rather can self sign things or install unsigned things. Still I think this is good news in that it may wake more people up as to why this kind of thing is bad and should not be supported.

I wonder what this could mean for libreboot/coreboot hackers. Still can't use libreboot on new hardware due to Intel's IME, and AMD's equivalent I suppose, but it might be useful.