
Microsoft leaks the keys protecting millions of Windows devices

Secure Boot is a technology buried deep inside the firmware of modern Windows devices. It’s present on most laptops, desktop PCs, tablets and phones running Windows versions newer than Windows 8. It’s designed to prevent devices from running anything other than their factory-installed operating system.
This helps to keep the user safe. It ensures every component loaded during the boot process is digitally signed, preventing the computer from loading a modified version of Windows. It also has the unfortunate side effect of preventing end-users from installing other operating systems, such as Linux, but for most people the benefits of Secure Boot outweigh the drawbacks. Advanced users can generally disable the feature from within the motherboard’s UEFI interface.
While Secure Boot generally runs without any intervention, there are some cases where its operation may need to be altered, such as when debugging a faulty device. To allow for this, Microsoft created Secure Boot policies. These are special rules that are loaded before Secure Boot itself. The feature always obeys these rules, making them a powerful resource.
If a rule was created that told Secure Boot to disable itself, it would follow the instruction without question. Perhaps inevitably, Microsoft internally has such a rule. The special policy disables every operating system signature check, leaving Secure Boot powerless. Any OS could be loaded, Windows or otherwise.
This is handy for Microsoft developers. They can use the policy to test different OS versions on a device without needing to cryptographically sign each build, cutting a time-consuming phase out of the development process. For everyone else, it’s a serious security risk, although protections are in place to ensure the policy can’t be maliciously exploited.
To prevent hackers from creating Secure Boot rules and injecting them into target machines, Secure Boot requires every rule to be signed by Microsoft. Additionally, rules can only be installed by Microsoft using a special Microsoft-signed tool. In theory, rules sit behind three layers of protection, keeping hackers from exploiting them.
That was the case until last month, when Microsoft made a spectacular slip-up. Security researchers MY123 and Slipstream discovered that Microsoft recently deployed its internal Secure Boot disable rule to the world, in a Windows Update for consumer devices. Millions of Windows devices around the world suddenly received a Microsoft-signed and ready-to-use “golden rule” that force-disables Secure Boot.
The policy has now made it onto the Internet. How it made its way into a public update hasn’t been confirmed. It has, however, been confirmed to work as intended on all Windows devices, disabling Secure Boot on ARM, x86 and x64 platforms. The golden key can be used by consumers and cybercriminals alike to unlock Secure Boot on devices that don’t include a UEFI switch to turn it off.
The mistake is being held up as an example of what could go wrong if the FBI’s requests for golden keys and back doors are granted. Politicians are demanding that law enforcement be given a set of keys that can be used by investigators to unlock devices owned by criminals. Microsoft’s Secure Boot fiasco demonstrates the dangers of creating such a system. If the golden keys were to leak out, any device could be unlocked by malicious actors.
The researchers who uncovered Microsoft’s mistake used the opportunity to take aim at the FBI, posting a pointed message about creating golden keys:
“About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a ‘secure golden key’ is very bad! Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears. You seriously don’t understand still? Microsoft implemented a ‘secure golden key’ system. And the golden keys got released from MS own stupidity. Now, what happens if you tell everyone to make a ‘secure golden key’ system? Hopefully you can add 2+2…”
The Secure Boot leak poses no immediate security risk to retail devices, although attackers with physical access to a device could use it to install an infected OS. The policy can’t be used to directly extract user information or hijack hardware, however. The leak is even proving to be a benefit to owners of some devices.
Microsoft’s old ARM-based Windows RT Surface devices can now be unlocked, opening the door to alternative operating systems being installed. With Windows RT now abandoned by Microsoft, owners have been left with almost useless devices. The Secure Boot policy can be used to reflash the tablets with a new OS, potentially including Linux and Google’s Android.
Microsoft is now trying to revoke the policy and recover from its mistake. In another update published last month, it added the rule to a list of policies to ignore. This only prevents it from being installed, though. Devices that already have the rule configured will still load it.
Another patch is expected next week which will add more restrictions but still leave the rule usable. A third update will arrive in September which could finally revoke the magic policy entirely from consumer devices. MY123 is already planning a workaround, though, proving to the FBI that golden keys aren’t the answer to accessing the devices of criminals.
