Microsoft Security Windows Technology

Windows 8 Secure Boot Defeated

jhigh writes "An Austrian security researcher is scheduled to release the first 'bootkit' for Windows 8 at the upcoming MalCon in Mumbai. This exploit loads in the MBR and stays memory resident until Windows loads, resulting in root access to the system. This allegedly defeats the new secure boot features in Windows 8's bootloader."

  • Secure boot is UEFI (Score:5, Interesting)

    by Anonymous Coward on Thursday November 17, 2011 @04:48PM (#38090248)

    Secure Boot is a UEFI feature, not a Windows one. The article makes no reference to UEFI whatsoever - and it offers no explanation either for what mechanic was actually defeated. I do doubt the integrity of the article ARS is using.

  • by Manip ( 656104 ) on Thursday November 17, 2011 @04:52PM (#38090322)
    Uhh UEFI literally has no MBR, it doesn't exist. So please explain to me how this exploit functions when the MBR doesn't exist? I think he is booting his drives in the wrong mode, which is to say legacy MBR mode instead of ADAPI/UEFI mode.
  • by makomk ( 752139 ) on Thursday November 17, 2011 @05:04PM (#38090454) Journal

    Secure Boot is a Windows feature building on a UEFI feature. If I'm understanding it correctly, every stage in the chain needs to be secure in order for the boot to actually be secure - a security flaw in either the UEFI firmware or the Windows code could render it ineffective.

  • Back in the 1980's (Score:5, Interesting)

    by ackthpt ( 218170 ) on Thursday November 17, 2011 @05:18PM (#38090588) Homepage Journal

    We saw all the tricks people employed to copy-protect games on the C64. Most of them were pretty weak. The most effective I recall were the methods which spread out their information gathering throughout the boot process. This prevented someone trying to break copy protection from easily identifying the part of code where the detection was executed. If Microsoft gathered information throughout the boot process it could easily assemble some sort of checksum to check the boot sector and identify if it wasn't genuine. Does it take more than 30 years to figure this sort of thing out?

  • by 0123456 ( 636235 ) on Thursday November 17, 2011 @06:45PM (#38091792)

    Don't forget DRM: this way Microsoft can ensure that you can't install drivers or other software that can break the DRM system. Only a signed OS runs, only signed drivers run, eventually only signed applications from the Windows App Store run.

  • by cbhacking ( 979169 ) <been_out_cruising-slashdot@@@yahoo...com> on Thursday November 17, 2011 @07:31PM (#38092536) Homepage Journal

    The funny thing is, this kind of thing is exactly the reason *for* Secure Boot (the non-conspiracy one, not the one that Slashdot is typically talking about). If you're using UEFI and you can verify a chain of trust, then you don't have boot sector malware. The fact that boot sector malware is possible on Win8 if you're NOT USING UEFI (because you're using an MBR) is not only obvious, it's the problem that Secure Boot is supposed to prevent.

    I wonder, among the people who tagged this "irony", how many actually have the right of it. The only irony in the situation is that Slashdot is so rabidly opposed to the idea that a headline which is factually incorrect (blatantly obviously so) is posted because it is compatible with the popular bias, despite having no basis in the technology that we nerds supposedly understand.

    That all said, there are certainly valid concerns about Secure Boot. It's entirely possible that they outweigh the value of making malware like this impossible. You should know what you're up against when you argue your case, though.
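
Added example, not part of any comment in the thread: a Python sketch of the distinction the MBR-versus-UEFI comments above turn on, classifying a disk image as legacy MBR or GPT from its first two sectors and noting whether sector 0 carries boot code. It assumes 512-byte logical sectors; `classify_disk`, `make_mbr` and the sample images are constructed for illustration, and the partition scheme alone does not tell you whether the firmware has Secure Boot enabled.

```python
SECTOR = 512  # assumption: 512-byte logical sectors, so the GPT header (LBA 1) is at offset 512


def classify_disk(image: bytes) -> dict:
    """Classify the partitioning scheme from the first two sectors of a disk image."""
    if len(image) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    sector0 = image[:SECTOR]
    # Bytes 0..439 of sector 0 are the MBR bootstrap code area.
    result = {"scheme": "unknown", "boot_code_present": any(sector0[:440])}
    # Both a legacy MBR and a GPT protective MBR end with the 0x55 0xAA signature.
    if sector0[510:512] != b"\x55\xaa":
        return result
    # Four 16-byte partition entries start at offset 446; byte 4 of each is the type.
    types = [sector0[446 + 16 * i + 4] for i in range(4)]
    # The GPT header starts with the ASCII signature "EFI PART".
    has_gpt_header = image[SECTOR:SECTOR + 8] == b"EFI PART"
    if 0xEE in types and has_gpt_header:
        result["scheme"] = "gpt"
    elif 0xEE in types:
        result["scheme"] = "protective-mbr-without-gpt-header"
    else:
        result["scheme"] = "mbr"
    return result


def make_mbr(part_type: int, boot_code: bytes = b"") -> bytes:
    """Build a constructed sector 0 with one partition entry of the given type."""
    s = bytearray(SECTOR)
    s[:len(boot_code)] = boot_code
    s[446 + 4] = part_type
    s[510:512] = b"\x55\xaa"
    return bytes(s)


# Constructed sample images (not taken from any real disk).
LEGACY_IMAGE = make_mbr(0x07, b"\xeb\x3c\x90") + bytes(SECTOR)
GPT_IMAGE = make_mbr(0xEE) + b"EFI PART" + bytes(SECTOR - 8)

if __name__ == "__main__":
    for name, img in (("legacy", LEGACY_IMAGE), ("gpt", GPT_IMAGE)):
        print(name, classify_disk(img))
```

A result of `mbr` with `boot_code_present` set means sector 0 code sits in the boot path, which is the legacy configuration the comments describe; UEFI firmware settings have to be checked separately.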
