To start with, security of "secure boot" there is a joke because anyway all os have to be signed by Microsoft itself. So anyone with they certificate key can do whatever they want.
And btw, not that long ago it was released by researchers than more than 200 platforms from diverse but main laptops and servers manufacturers were still using leaked keys for signing their boot loaders...
> security of "secure boot" there is a joke because anyway all os have to be signed by Microsoft itself.
Is Apple a joke because they sign the root of trust for their devices? Someone has to be the root authority. Honestly I trust MS more than I do Google or VerisignDigicert. They are the least likely to intentionally break things.
The reason MS controls the root and not Red Hat etc. is because the Linux camp spent years arguing back and forth about exactly how much they hate secure boot - like an HOA arguing over paint colors - instead of presenting solutions.
> So anyone with they certificate key can do whatever they want.
this is literally how PKI works
Somehow I think MS put a little more thought into their PKI design than whatever you're trying to convey here. What were the other options? Store it on a Yubikey sewn into rms's beard?
People are quick to dismiss secure boot simply because they refuse to understand it.
>Someone has to be the root authority
No-one has to be, and it certainly doesn't need to be anyone but the owner of the machine.
> No-one has to be, and it certainly doesn't need to be anyone but the owner of the machine.
Technically the web should work with self-signed certificates. But that is likewise impractical.
You can enroll your own certificates as long as you have unlocked firmware. However, in order for vendor ISOs to boot without modification, they need to be signed by some trusted root beyond your control.
Not really? The entire use model could be "just show a prompt on first use" which literally MS is trying to kill, because oh it just so happens the status quo basically benefits them and nobody else.
I'm not sure what's being complained about here. Most PCs (still) come with Windows, so "first use" will have occurred before you obtained the computer. A motherboard bought separately usually comes unlocked so you can remove the Microsoft certificate if you don't want to trust it anymore. If you're saying that unlocked parts bought individually should not come with any certificates trusted out of the box, I don't necessarily disagree, but this would be a regression in security and convenience for the average user, so it's unlikely to be adopted.
Or just show a prompt whether you try the first time you try to boot something with a signature that is not recognized, like what a million slightly-less-consumer-hostile appliances out there do. This _adds_ convenience to the user, and it is hardly a regression in security.
If there is no pre-existing trusted root, the certificate presented is meaningless to laypeople. There's no way for the average person to know whether to press yes or no to it, as they're not about to check the SHA256 fingerprint against some obscure web page they have to access from another device. Nobody gets official media anymore; everything is burned, flashed, or second hand. Self-signed is no better than unsigned if you don't know how or don't bother to check.
Just to be clear, I'm not saying you shouldn't be able to boot something you trust on a device you own, just that it's completely reasonable to have Microsoft's certificate preloaded.
This is as ridiculous as it gets -- so malicious Linux install media is the problem you want to defend against? When has this _ever_ been a problem? And more importantly -- why is this ridiculous problem so important the solution must be giving MS even more monopoly abusing powers?
People may use pendrives, but even if they literally google "Linux install" and click on the first result they are getting the media from the correct website. One could even claim it is in practice even a better situation than getting it from a random, even if reputable magazine as it was common 20 years ago.
The certificate is not meaningless; it still identifies the same publisher. E.g. if you already trusted Suse once, you do not get the same prompt again.
If you really cannot reliably identify the contents of your install media for the very first installation, what do you want to do here? And why is Windows having the advantage even improving the situation at all? With no dbx, you have a myriad of exploitable Windows versions ready to be used in your 'compromised' Windows install media. And due to the draconianess of the secure boot lockdown, most Linux users will either disable secure boot entirely, add the MS UEFI CA (with the extra bazillion of now non-MS backdoors that entails), or roll their own PK/MOK. In all 3 cases, your compromised install media 'wins' and secure boot has been useless. These are not dumb users precisely...
As usual with secure boot, the threat vectors it 'defends' against are very farfetched, made redundant with a plenitude of easier attack vectors that secure boot will not protect against, and anyway whatever protection SB may give is defeated entirely by comically easy methods (e.g. using a legit windows install media to simply boot the pc with your fake fullscreen windows install/logon dialog while you clone the bitlocker encrypted disk. Bonus points if you use that same computers' recovery partition instead of external install media, which was still an unpatched hole just a couple years ago) precisely because SB basically defaults to "trust anything from MS" instead of trusting only what the user wants it to trust. It also happens that MS not only benefits significantly from this current implementation but also has repeateadly used it to push other OSes away.
This is not about Linux vs Windows and it's perfectly possible (in fact, much more likely) to ship malware via Windows-derived install media. Secure Boot does not protect against post-boot vulnerabilities but it does protect against persisting those vulnerabilities through bootkits. I do not endorse any position which makes claims about the security benefits of Secure Boot beyond simply protecting the boot process. I also don't think Secure Boot is flawless or not in need of revision. I'm also not talking about protecting power users or otherwise knowledgeable people, but rather the average user.
The default trust list can certainly be expanded beyond just Microsoft, but as the vast majority of PC users are running Windows, obviously Microsoft should be in there. In the real world, install media gets shared around and reused as much as it gets freshly downloaded for every install. And even a fresh download on a pwned PC can be modified in situ or when imaged so it can't necessarily be trusted anyway. Even if default-trusting Microsoft has allowed exploits like you describe, that is not a regression compared to not using Secure Boot, and most (all?) of those machines had Windows installed already so would've been trusting Microsoft anyway.
There's an avenue of argument here about whether Secure Boot as currently architected is really offering enough benefit to even justify its existence, but that seems tangential at best to the question of whose certificates to trust. The ideological and anticompetitive issues about Microsoft are not relevant to the point I'm making.
All evidence has always pointed to the purpose of Microsoft SecureBoot being introduced primarily as an obstacle to continued use of Windows 7 as well as Linux on PC's going forward when Windows 8 PC's were released.
Not like there's any question.
Overwhelmingly more so than for "security" purposes.
Any lesser understanding of Microsoft SecureBoot, well, I understand.
I've seen that kind of that kind of refusal before.
Basically a little bit yes. Especially for an entity located in US and with strong links to the basic government.
But in the case of secure boot, this is worse, because Microsoft is just a "software" editor. But its root certificate and probably a few random others are distributed in countless of devices produced by manufacturers unrelated to them, but also, a few number of software distributors will also have subkeys to be able to sign their os/software. All of that, with zero transparency.
And in the end, if I buy a Lenovo laptop, to have Linux OS running on it, there is no reason and no trust to have my OS be signed by Microsoft, that has the key to run whatever they want on my laptop. Think about it and you will see that it makes no sense at all, if you don't trust Microsoft for your OS, to have to trust them for ensuring a secure boot...
Technically you can revoke the default root of trust and install your own.
Then manually sign your bootloader.
This feature is available at least in my Gigabyte mainboard, but is not particularly easy to use, which is why bootloaders come pre-signed with a known root of trust. There's nothing stopping the installer from generating the root of trust on the fly, except for the default settings in many machines.
Can also preload measurements for hardware while at it so that nobody swaps a PCIe device for an evil twin.
Some PCs are able to use your own keys, which can be used to sign your bootloader. This has worked well for me with various HP computers (EliteBooks and EliteDesks). One of those, which only runs Linux, will refuse to boot the Windows installer. On my work laptop, I've also added the Windows key (not the 3rd party one) so I can dual-boot.
I understand some computers may not support this as well, so YMMV.
Here is the article I was referring to: https://arstechnica.com/security/2024/07/secure-boot-is-comp...