Apr 9, 2013

Linux developers working on a way to bypass Windows 8 secure boot

Microsoft has been getting a lot of heat in recent months for its decision to require UEFI secure boot on upcoming Windows 8 PCs. UEFI secure boot is a method of locking down a system’s bootloader so that no unsigned code can be installed. That means pre-boot malware is dead in the water, but it also makes it difficult to install alternative operating systems like Linux.

Well, the Linux community is banding together and might finally have the tools needed to bypass that restriction.

Microsoft originally wanted to require hardware vendors to make secure boot mandatory with no option to disable. Eventually Redmond compromised; x86 systems will have a toggle hidden deep down in the UEFI settings, but WinRT device will have secure boot locked in. A few weeks ago, RedHat announced that it was going to be paying for a Verisign bootloader through the Microsoft Sysdev portal, allowing its software to be installed with secure boot.

Not all Linux devs are content to take this route, so James Bottomley, chair at Linux Foundation’s Technical Advisory Board, is taking action. Bottomley has publicly posted a new Intel Tianocore UEFI boot image to help developers out. Tianocore is Intel’s open source UEFI image, which has Microsoft’s Authenticode built in.

Developers will now be able to run a virtual boot platform with secure boot for testing. This is important because it’s currently very difficult to get your hands on UEFI secure boot hardware in advance of Windows 8. It is hoped that this image will help the community figure out a secure boot bypass.

While it’s really cool to see the community rally around this cause, a bypass to secure boot will negate any security benefits it might have had. Still, if the good guys don’t find it, someone else will.


Post a Comment