Insecure UEFI Boot

Discussion in 'Security' started by Ace, Jan 14, 2013.

  1. Ace

    Ace

    Joined:
    Sep 13, 2011
    Messages:
    76
    Likes Received:
    13
    Location:
    Canada
    So far, what is known to me is that UEFI boot is not very secure. There's a few reasons why, and various tests have been done for proof of concept.

    A team of security researchers at ITSEC were able to create what they called a "UEFI bootkit" and this was designed to specifically blast Windows 8. What makes this flaw a big issue in my opinion is it's ability to bypass the PatchGuard (kernel patch protection) and Driver Signature Enforcement policies in the Windows kernel, and can overwrite the original UEFI bootloader.

     
    Ace, Jan 14, 2013
    #1
    Ian likes this.
    1. Advertisements

  2. Ace

    Kougar Moderator

    Joined:
    Sep 16, 2011
    Messages:
    74
    Likes Received:
    11
    There's a lot of ways to install unverified drivers, that's nothing new. I don't think testing in a virtual machine means this was a system with UEFI's secure boot mode enabled either, which MS was pushing for for reasons exactly like this one.
     
    Kougar, Jan 18, 2013
    #2
    1. Advertisements

  3. Ace

    Ace

    Joined:
    Sep 13, 2011
    Messages:
    76
    Likes Received:
    13
    Location:
    Canada
    Not on UEFI boot though for Windows 8. It was adopted back when Windows 7 was around, but only started to become recognized with Windows 8's release. Apparently it's significance on Windows 8 has not been fully patched though.

    And Secure Boot was enabled here. Testing on a virtual machine doesn't mean that it doesn't go through a similar boot process; bootloader and all drivers are still loaded. The only difference between the BIOS and UEFI is that the mode switches from 16bit to 32/64bit depending on the OS that is being loaded from pre-boot to the main secure desktop, in UEFI this process is not dependent on 16 bit mode supported by x86 processors like the BIOS is as it was designed for this architecture.

    If you read up on UEFI, this is all it is:
     
    Ace, Jan 18, 2013
    #3
  4. Ace

    Ace

    Joined:
    Sep 13, 2011
    Messages:
    76
    Likes Received:
    13
    Location:
    Canada
    I can't edit my previous post anymore, but these bypasses never used to be as critical with the regular BIOS, as seen in UEFI boot. You can't skip the boot process and get into Windows normally though, so it's either the BIOS, or UEFI regardless. UEFI boot is an option though...
     
    Ace, Jan 18, 2013
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.