[HN Gopher] What is an SBAT and why does everyone suddenly care
___________________________________________________________________
What is an SBAT and why does everyone suddenly care
Author : todsacerdoti
Score : 241 points
Date : 2024-08-22 09:11 UTC (7 hours ago)
(HTM) web link (mjg59.dreamwidth.org)
(TXT) w3m dump (mjg59.dreamwidth.org)
| pas wrote:
| Is it possible to update grub from Windows? Or is it enough to
| disable secure boot, boot Linux, upgrade, re-enable?
| dwattttt wrote:
| I wouldn't try to update grub from Windows, but the second
| strategy would work.
| zokier wrote:
| I don't see why you couldn't update grub from Windows, it's just
| an EFI binary in the ESP after all.
| mjg59 wrote:
| Distro grub is signed by the distro rather than Microsoft, so
| coordinating that would be extremely difficult
| ab71e5 wrote:
| Why? You could just copy the binary and signature to your
| EFI partition from Windows? What am I missing here?
| cesarb wrote:
| From what I understood, the parent's question is not about
| Microsoft updating grub; it's about a person hit by the
| bug, and thus in a situation where Windows boots but Linux
| doesn't, using Windows to copy the correct file (probably
| extracted from an updated package from the Linux
| distribution they're using) to the correct place in the EFI
| partition by hand.
|
| (The first obstacle would be that AFAIK the EFI isn't
| mounted by default on Windows, but I believe it should not
| be hard to tell Windows to mount it and give it a drive
| letter.)
| zx8080 wrote:
| MS could just sign it with whatever three-letter agency
| certificate they usually cooperate with. /s
| rwmj wrote:
| I really hate the error message from shim (or SB in general) when
| a security check fails. At least tell me _what_ exactly failed and
| what I could do to fix it.
| xnzakg wrote:
| Seems to be a general trend in a lot of software nowadays.
| Vague error messages telling you "Something went wrong" with no
| additional details.
| immibis wrote:
| It's not a new trend - error-code based software would
| propagate that ERROR_INVALID_PARAMETER all the way from the
| function with the invalid parameter back out to the return
| value of the user operation, then helpfully tell the user
| "Invalid parameter!"
|
| Exceptions with string messages and full stack traces might
| be yet another underrated Java invention.
| chuckadams wrote:
| Dr Watson is still a thing for getting tracebacks. Doesn't
| work for kernel mode of course, but most things don't.
| ziml77 wrote:
| God that error is nearly useless even to the developer.
| Last couple of times I've gotten it, I've dropped the DLL
| that the error originates from into Binary Ninja and run
| the debugger to figure out which parameter failed a check.
| ben_w wrote:
| I grew up with "System Error Type 11" (or whatever the exact
| quote was, hard to find on google).
|
| I think the only button on the dialog box was "Restart".
| wongarsu wrote:
| Something went wrong _frowning smiley_. Our engineers are
| probably working hard on fixing it right now.
| kccqzy wrote:
| This is why I strongly prefer working on software made by
| developers for developers. That is to say, internal tooling.
| You can just show the entire error message in as much detail
| as possible, without a PM stepping in and saying you can't
| show this much scary text to the typical user. Especially if
| the user of the software also has easy access to your source
| code so they can search for the exact string and find the
| exact location of the error, and understand exactly what
| checks are being done to emit that error.
| fmajid wrote:
| Or at least include a URL to a web page explaining the error
| and what you can do about it.
| zokier wrote:
| I think Windows BSOD including a QR code was a pretty clever
| idea, although unfortunately it's half-baked in that it's just
| a fixed generic URL instead of something specific to the
| error.
| syene wrote:
| The problem with bootloaders is they really can't spare a
| lot of storage. Storing different QR codes for all the
| common errors might be asking too much.
| antonkochubey wrote:
| Currently EFI partitions are on the order of 300-500 MB
| for common installs, that'd allow you to store millions
| of PNG-compressed QR codes.
|
| Or even better, a small library which'd allow the bootloader
| to generate it on the fly.
| Yoofie wrote:
| No please don't do this. I have lost count of how many times I
| tried to follow a link only to get a 404 page. If there is an
| issue where the app gives the user an error, show the error
| details & context directly and list the possible mitigation
| steps right then and there.
|
| A URL with specific content is just another thing that now
| needs to be maintained along with the code and failure modes.
| zokier wrote:
| shim has an EFI variable to control its verbosity, you can set
| it to output all the gory details with e.g.
| `mokutil --set-verbosity true`, and at a glance there are some
| tools on Windows too to modify EFI vars
| rwmj wrote:
| Why wouldn't that be the default?
| wongarsu wrote:
| Because most users are afraid of gory details. And the
| people who know enough to fix it are expected to somehow
| know how to turn on logging. It's the modern equivalent of
| "please contact your administrator".
| rwmj wrote:
| The first thing the "administrator" will need is all the
| details. If they were printed, the person reporting could
| at least send a screenshot or similar.
| IshKebab wrote:
| Handy for the 7 people in the entire world who a) knew this
| existed and b) bothered to change it.
|
| (Realistically I expect that's mainly used for debugging
| purposes for the Shim authors.)
| kccqzy wrote:
| I hate error messages from most software. Recently my system
| failed to boot because systemd told me a start job is running
| for a certain disk. And it doesn't tell me what the nature of
| the start job is, why the start job is needed, and why the
| start job is not finishing. From the disk UUID I could guess
| the first two, but there was no way to guess the third.
| imchillyb wrote:
| If security vendors followed this logic then all an attacker
| would have to do is look up the error and render the security
| moot.
|
| By leaving the reason vague an attacker has no immediate
| feedback and no clue how to remedy.
|
| I vastly prefer the way this works now.
| wtetzner wrote:
| The only way this could be an issue is if it's entirely
| relying on security through obscurity.
| mtlmtlmtlmtl wrote:
| This sort of thing is exactly why I have automatic updates
| disabled on my Windows partition. I've been burned so many times
| by bad Windows updates breaking stuff. My favourite is when stuff
| breaks during the "configuring updates" stage after a reboot,
| leaving Windows in a boot loop with no error codes or anything to
| help you figure it out. And of course the documentation from MS
| is utter garbage. Most of the time the only solution I found was
| to reinstall Windows.
|
| Now I always google around a bit before applying any fresh
| Windows updates to see if there's any breakage reported.
| detourdog wrote:
| The last time I had to manage Windows I used Unattended to
| wipe and re-install to a base level. I found that diagnosing
| and troubleshooting was not worth the effort.
|
| https://tgup.net/
| gcr wrote:
| How does tgup compare to ninite? The latter seems more
| polished and older/stable, with more software available.
|
| https://ninite.com/
| 1oooqooq wrote:
| if you're at a point you need either of them, just hire
| someone to work on the oem scripts.
|
| for personal use, not really worth it imo
|
| if you're installing the right version of windows
| (Enterprise ltsc) it's already one click install. and your
| applications will change every week anyway.
| detourdog wrote:
| no idea. This was the early 2000s. I'm sure it's based on
| the same thing. I set up a netbsd box as the server and
| could hook up as many laptops as I had network ports. I
| would then just hit the enter key or perform a few manual
| steps when things couldn't be automated.
|
| I'm sure it's all based on silent install or the /s switch
| for install.bat. If my memory is working.
| BaculumMeumEst wrote:
| My Windows install is stuck in a boot loop like this - it
| spends 10 minutes trying to update and then fails, except maybe
| 1/3 times it then boots normally. I don't even try to do
| anything about it, I just marvel at it.
| qludes wrote:
| I have a Thinkpad that did something like this, it would try
| to install updates, fail and eventually boot into some kind
| of recovery wizard that demanded the bitlocker key. That
| wizard wasn't able to actually fix anything either but after
| failing a few times the system finally would uninstall the
| update. The whole process took over an hour with zero
| feedback.
|
| I had to switch to Linux just to get a machine I could rely
| on.
| cooljacob204 wrote:
| Last time I saw a computer do that it was due to bad memory
| sticks.
| mtlmtlmtlmtl wrote:
| Yeah, it turns out applying updates during boot is bad
| design. I'm sure plenty of people at MS realise it is, but I
| guess they don't care enough to fix it.
| mixmastamyk wrote:
| Windows can't replace running executables, so needs to
| reboot. Fundamental design not easily changed.
| pohuing wrote:
| Do you dual boot? That's what mine did when the efi partition
| was too small for grub and windows' bootloader
| BaculumMeumEst wrote:
| Yeah, I dual boot. I think my efi partition is around
| 100mb. I forget if Arch puts just one backup kernel in
| there, but I feel like I saw a lot of garbage in there once
| that I had to clear out. Maybe that's the problem, will
| investigate, thanks.
| moffkalast wrote:
| I hate to say it but the best way to use windows is to install
| it, fully update it, nuke the update center, obliterate the
| update services and leave just defender updates enabled. Then
| when it's too out of date in a few years, reinstall and repeat.
|
| The result is a rock solid reliable experience that even an LTS
| linux can't match. Nothing ever breaks, every new piece of
| software works since it's all mostly self contained, backwards
| compatible, and not dependent on 13543 dynamic apt deps that
| all need to be at a specific version. I thought flatpak would
| fix this on linux, but every time flatpak itself updates half
| of its apps break with mysterious error messages and refuse to
| launch until they're also updated. It's a pretty shit execution
| of what could've been a great windows equivalent. Okay? Okay.
| Rant over.
| ParetoOptimal wrote:
| > The result is a rock solid reliable experience that even an
| LTS linux can't match.
|
| NixOS because of its generations has been extremely stable
| for me for years.
|
| Have an issue? Reboot, select yesterday's generation (similar
| to but better than a restore point), and keep working.
| 9dev wrote:
| This is really bad advice--don't follow it. Zero day
| vulnerabilities are a thing, and you intentionally prevent
| yourself from getting those fixed quickly. Running critical
| software without updating may have been possible in some
| distant past, but it isn't any longer: You _will_ catch an
| exploit or crypto locker at some point.
|
| Microsoft abusing its update mechanism to push crap is
| nothing new, but downright refusing updates isn't the answer
| either.
| moffkalast wrote:
| When a windows update destroys your install, is it really
| any different from actual malware? I consider it one and
| protect myself accordingly.
|
| At least you can be careful about the rest with adblocking,
| sandboxing and being irrelevant enough to not make your
| machine a target for anyone competent, which gives you a
| pretty great chance at avoiding them. If you keep built-in
| malware (and in recent versions, also spyware) running,
| then getting screwed by it is a certainty. Personally, I'll
| take my chances and I think the average HN user would not
| have any problems doing this, but I wouldn't really
| recommend this approach to someone that's not tech savvy.
| I'd give them a Chromebook instead.
| 9dev wrote:
| > At least you can be careful about the rest with
| adblocking, sandboxing and being irrelevant enough to not
| make your machine a target for anyone competent, which
| gives you a pretty great chance at avoiding them.
|
| That maybe used to be a thing, but isn't anymore really:
| There only needs to be a single, unpatched vulnerability
| in your network stack that the multitude of devices around
| you, whether at home, work, or in a cafe, none of which
| you control, might exploit.
|
| And one more little piece of trivia; high levels of
| expertise usually come with increased negligence on the
| basics, because you're less careful. This affects pilots
| and nerds alike; just think of Ross Ulbricht.
|
| Good luck :)
| JohnFen wrote:
| Windows updates are too dangerous to trust automatically.
| I've been burned to various degrees too many times to
| think otherwise. If Windows is too dangerous to use
| without automatic updates, then it's just too dangerous
| to use, period.
| moffkalast wrote:
| Yeah all it takes for one to drop dead is a single blood
| vessel bursting in one's head, one careless driver, one
| wrong thing eaten, one wrong step and you fall and break
| your neck.
|
| It's always one unlikely thing. I don't think living in
| such paranoia is a life worth living tbh. Some small
| risks you just accept to live normally, and 99.9% of the
| time it'll be alright. With 2FA and other multi device
| safeguards the risk is acceptable. Frankly authentication
| for things has gotten so bloated that even the actual
| user has a hard time logging into things these days.
|
| Frankly I'm more worried about losing or damaging my
| phone, if that happens then I'm far more screwed and it's
| a risk we all accept every day. I keep it in aluminium
| armour to de-risk :)
| duped wrote:
| > Zero day vulnerabilities are a thing, and you
| intentionally prevent yourself from getting those fixed
| quickly.
|
| And yet, Windows updates are a bigger threat to me than
| malware.
| 9dev wrote:
| Yup, everyone says that--until their identity has been
| stolen and used for fraud, all their files get encrypted,
| or Google deletes their account after it's used to send
| spam.
|
| You do you mate.
| whereistimbo wrote:
| > Okay? Okay. Rant over.
| coldpie wrote:
| > I thought flatpak would fix this on linux, but every time I
| flatpak itself updates half of its apps break with mysterious
| error messages and refuse to launch until they're also
| updated.
|
| Linux oldheads could've told you this would happen before the
| project was even created. We solved package management and
| dependencies in the 90s and no one has improved on it since.
| Just stick with stuff in your distro's repos. If it's not in
| the repos, don't use it. Problems gone.
| moffkalast wrote:
| Yeah alright but people want to like, do things.
| coldpie wrote:
| If you want to use proprietary software, yeah, you should
| use Windows. It's built for that. For better or worse,
| Linux really isn't.
|
| Edit: Or use Windows binaries with your distro-provided
| Wine. Win32 is the only stable user-level Linux API.
| tannhaeuser wrote:
| Although MS' stance to block old vulnerable grub installs seems
| reasonable here, I've come to run Windows only for games and a
| single piece of legacy software (as a backup for my aging x86
| Mac) without net access at all. The moment you allow Win updates,
| everything is up to chances. MS moving around registry keys and
| other shenanigans to force "telemetry" (aka ads and behavioral
| data scanning for ML) onto users, even on Windows Pro, should be
| telling enough. Needless to say, I'm running Win 10.
| zokier wrote:
| Major question for me is, are the grubs that are getting rejected
| completely unpatched, or were they patched by distros without
| updating the "security generation"?
|
| I'd be also really curious to hear how MS was attempting to do
| dual-boot detection, I hope someone (more skilled than I) would
| reverse engineer that bit from the update.
| ChocolateGod wrote:
| > Major question for me is, are the grubs that are getting
| rejected completely unpatched, or were they patched by distros
| without updating the "security generation"?
|
| Reading into
| https://www.gnu.org/software/grub/manual/grub/html_node/Secu...
|
| It's possible it's both?
|
| > I'd be also really curious to hear how MS was attempting to
| do dual-boot detection
|
| I'm in the boat that they shouldn't be doing dual boot
| detection at all, it sounds like everyone agreed to use SBAT
| to stop vulnerable bootchains from being exploitable and some
| Linux distributions got caught slacking.
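The "security generation" comparison the two comments above argue about, as an added example written for this page (it is not code from shim, grub or the linked article, and it models shim's SBAT rule rather than copying it): both the binary's `.sbat` CSV and the SbatLevel revocation list below are constructed, and a rebuilt grub that fixed bugs but kept its old generation number is rejected exactly like the unpatched one.

```python
"""Model of SBAT revocation: compare the generations in a binary's .sbat
CSV against a revocation list and decide whether shim would load it.

Added example, not shim's code. The CSV blobs are constructed; real
grub .sbat sections and real SbatLevel contents differ."""
import csv
import io

# .sbat section: one component per line,
# component_name,component_generation,vendor_name,vendor_package_name,vendor_version,vendor_url
# The first line carries the SBAT format version and is compared like any
# other component.  "grub.exampledistro" is a constructed vendor-specific
# entry of the kind distros add next to the upstream "grub" entry.
CONSTRUCTED_GRUB_SBAT = (
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "grub,3,Free Software Foundation,grub,2.12,https://www.gnu.org/software/grub/\n"
    "grub.exampledistro,1,Example Distro,grub2,2.12-1,https://example.invalid/\n"
)

# The same distro's grub rebuilt with its fixes AND the generations bumped.
# A rebuild that only fixed code but kept "grub,3" has metadata identical to
# CONSTRUCTED_GRUB_SBAT and is therefore rejected identically.
CONSTRUCTED_UPDATED_GRUB_SBAT = (
    "sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md\n"
    "grub,4,Free Software Foundation,grub,2.12,https://www.gnu.org/software/grub/\n"
    "grub.exampledistro,2,Example Distro,grub2,2.12-2,https://example.invalid/\n"
)

# Revocation list (SbatLevel): component_name,minimum allowed generation.
# The third field of the "sbat" line is a date stamp, not a generation.
# "shim,2" shows an entry for a component the grub binary does not carry.
CONSTRUCTED_SBAT_LEVEL = (
    "sbat,1,2024010100\n"
    "grub,4\n"
    "grub.exampledistro,2\n"
    "shim,2\n"
)


def parse_sbat(text):
    """Parse an SBAT-style CSV blob into {component_name: generation}.

    Blank lines are skipped; a line without an integer generation in its
    second field is treated as corrupt metadata and raises ValueError.
    """
    entries = {}
    for lineno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not row or not row[0].strip():
            continue
        if len(row) < 2:
            raise ValueError(f"line {lineno}: missing generation field")
        name, gen = row[0].strip(), row[1].strip()
        if not gen.isdigit():
            raise ValueError(f"line {lineno}: generation {gen!r} is not an integer")
        entries[name] = int(gen)
    return entries


def check_sbat(binary_sbat_text, level_text):
    """Decide whether a binary's SBAT metadata passes a revocation list.

    Rule (modelled on shim's SBAT verification): for every
    (component, minimum generation) in the level, a binary that lists that
    component with a LOWER generation is rejected.  Entries for components
    the binary does not list do not apply to it.  A binary without any
    SBAT metadata is rejected here rather than waved through.
    Returns (allowed, reasons).
    """
    binary = parse_sbat(binary_sbat_text)
    level = parse_sbat(level_text)
    if "sbat" not in binary:
        return False, ["binary carries no SBAT metadata"]
    reasons = []
    for component, minimum in level.items():
        have = binary.get(component)
        if have is not None and have < minimum:
            reasons.append(f"{component}: generation {have} < required {minimum}")
    return not reasons, reasons


if __name__ == "__main__":
    for label, sbat in [("old grub", CONSTRUCTED_GRUB_SBAT),
                        ("rebuilt grub, generations bumped", CONSTRUCTED_UPDATED_GRUB_SBAT)]:
        ok, why = check_sbat(sbat, CONSTRUCTED_SBAT_LEVEL)
        print(f"{label}: {'loads' if ok else 'rejected'} {why}")
```

Whatever code changes a distro shipped, only the generation numbers in the `.sbat` section take part in this decision, which is why a silent rebuild cannot satisfy a raised SbatLevel.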
| notarealllama wrote:
| <Tinfoil hat> I think there's more than meets the eye here. I
| think part of the reason MS is enforcing TPM2.0 and now this SBAT
| update is that there is widespread rootkit level malware and they
| are trying to stay ahead of the curve. </Tinfoil hat>
|
| When it comes to the realities of dual-booting, I had tons of
| problems with Win7/8/10 with suspend-to-hiberfile.sys issues and
| updates 10 years ago breaking grub. 10 years ago I finally
| decided, "You know what, I'm just going to run Linux, if I really
| need Windows or Mac, I can run a VM or use a separate spare
| computer."
|
| Since then I have successfully set up Secure Boot for my distro,
| learned how to tweak QEMU for performance and passthrough, got a
| working QEMU macOS VM (although having to update every few months
| to keep XCode working is a pain), and generally pretty happy with
| the state of affairs.
| blueflow wrote:
| > widespread rootkit level malware and they are trying to stay
| ahead of the curve
|
| Microsoft is within US-legislation. So a three-letter agency
| already has the keys and their spyware is a signed UEFI module.
| gruez wrote:
| Similar conspiracy theories exist for TLS certificates, but
| AFAIK there's no proof of either happening, despite how easy
| it would be to gather (ie. capture the certificate).
| 0l wrote:
| Certificate transparency is intended to solve this issue.
| brookst wrote:
| The great thing about conspiracy theories is you can
| always assert lack of evidence as proof. Certificate
| transparency? Ha! Obviously there are secret
| cryptographic weaknesses that make it moot.
| HideousKojima wrote:
| The Snowden leaks made it clear that so long as the
| government has the means and motive to perform some kind
| of surveillance, they'll do exactly that. It may not be
| through the exact methods people are suggesting, but rest
| assured it is happening.
| brookst wrote:
| That's another foundation of conspiracy theory: one
| specific example can serve as evidence for universal
| truth. Sure, the specific claims of theory A might
| collapse, but it might as well be true because it could
| be true because of past example B that is along the same
| lines.
|
| I don't doubt there is secret government surveillance
| we'd all be upset about. I'm not willing to use that
| general belief to assert the truth of specific
| unsupported claims.
| HideousKojima wrote:
| The Snowden leaks weren't one specific example, they were
| dozens, involving every single big US tech company of any
| significance, and involving tons of different methods of
| surveillance.
| Filligree wrote:
| Why wouldn't the TLA override that as well? Perhaps by
| leaning on the company that supposedly owns the domain.
| Deathmax wrote:
| That would be compromising the domain owner, rather than
| the threat model of Certificate Transparency which is
| compromised Certificate Authorities, especially given the
| number of government owned, publicly trusted (sub-)CAs.
| wongarsu wrote:
| The browser is verifying that the certificate appears in
| public certificate logs. So if a TLA forges a certificate
| (whether with the cooperation of a certificate provider,
| DNS provider or domain owner) that is now part of the
| public record. And if they do it with any domain that has
| enough eyeballs, someone would presumably notice. Not to
| mention that it's an easy way for agencies from rival
| countries to tip a reporter or security researcher off
| that it happened.
|
| Of course in reality most browsers don't actually check
| the certificate logs but only require timestamps signed
| by certificate logs that prove that at least two
| certificate logs know of the certificate. A TLA that can
| pressure at least two logs to provide those timestamps
| without actually publishing the certificates isn't really
| stopped. But at least that widens the circle of people
| who have to be in on the conspiracy.
|
| In a perfect world browsers would do spot checks against
| the actual certificate logs, and require that the signed
| timestamps are from logs that are unlikely to be
| influenced by the same actor (e.g. a Western, a Russian-
| sphere and a Chinese-sphere certificate log). Your guess
| why we don't do either is as good as mine
| candiddevmike wrote:
| Why would an agency wanting to MITM you publish data
| about the MITM certificates?
| MatthiasDev wrote:
| Because browsers can require certificates to be in the
| certificate transparency logs to be valid. Chrome already
| does this. If a government convinces a CA to create a
| malicious certificate and publishes this cert to the CT
| logs to perform MITM, it will get found out and that CA
| can close its doors.
| marcosdumay wrote:
| How does the MITM victim get a non-MITM connection to the
| CT logs so they can be sure to get the correct ones?
| dist-epoch wrote:
| By using pinned certificates which are hardcoded into all
| the major browsers.
| vengefulduck wrote:
| Browsers enforce that certificates are signed by two
| independent CT logs, the public keys of which are shipped
| by the browser. So a MITM would need to compromise a
| trusted CA and two CT logs to be able to pull off an
| attack undetected. Maybe not impossible but much more
| difficult than just a single CA compromise.
| immibis wrote:
| The German government caused Let's Encrypt to issue
| fraudulent certificates to xmpp.ru and jabber.ru by
| physically intercepting the server's network connection.
| https://news.ycombinator.com/item?id=37961166
| wyldfire wrote:
| Microsoft can't be compelled to do this by legislators. They
| might do it in order to be seen as a good business partner
| with US Government, but doing so would be a significant risk
| if this were to become public.
| hypeatei wrote:
| I think you underestimate how close big tech and telecom
| companies are to three letter agencies. See the "Protect
| America Act" of 2007 which covered _everyone's_ asses for
| warrantless spying.
| zer00eyz wrote:
| Ahh memories: Long before Snowden there was good ole 641a
|
| https://en.wikipedia.org/wiki/Room_641A
| voxic11 wrote:
| Wasn't it the FISA Amendments Act of 2008? Or did the
| Protect America Act of 2007 also have immunity
| provisions?
|
| edit: oh I see, the immunity provisions were first
| introduced with the Protect America Act of 2007 but they
| had a sunset date under that law so they were later made
| permanent by the FISA Amendments Act of 2008.
| 9dev wrote:
| Oh, you mean like the time Microsoft was the first company
| in the Prism program uncovered by Snowden, later followed
| by Yahoo, Google, Facebook, YouTube, Skype, AOL, and Apple?
| The program allowing the NSA to decrypt _any_ traffic* or
| data of these vendors? The publication of which had, like,
| no consequences for Microsoft or the others?
|
| Yeah. I don't think they're really afraid of repeating
| that.
| dist-epoch wrote:
| Those exact Snowden documents detailed how Microsoft
| refused to backdoor Bitlocker despite major pressure from
| the NSA.
| mixmastamyk wrote:
| Would like to hear more about this, seems so out of
| character. Have any links?
| tsuru wrote:
| I lost all illusion this was the case after hushmail
| https://www.wired.com/2007/11/encrypted-e-mai/
| voxic11 wrote:
| Congress already granted retroactive immunity for telecoms
| acting in cooperation with the US government with the FISA
| Amendments Act of 2008. I don't see why they couldn't do
| the same for Microsoft (assuming the law doesn't already
| apply to them).
|
| > Release from liability - No cause of action shall lie in
| any court against any electronic communication service
| provider for providing any information, facilities, or
| assistance in accordance with a directive issued pursuant
| to paragraph (1).
|
| - Section 702, subsection h, paragraph 3;
|
| > Release from liability - No cause of action shall lie in
| any court against any electronic communication service
| provider for providing any information, facilities, or
| assistance in accordance with an order or request for
| emergency assistance issued pursuant to subsection (c) or
| (d), respectively.
|
| - Section 703, subsection e.
|
| https://www.govtrack.us/congress/bills/110/hr6304/text
| 1oooqooq wrote:
| hibernate has always been more trouble than it's worth. and
| especially now when booting takes less time than loading your
| webmail.
|
| it just screams you have no data hygiene. it's the extra step
| after living years with 723 open tabs.
|
| qemu passthru is the way. and if you don't own expensive
| hardware (i.e. only integrated graphics like all feasible
| laptops), just dual boot with your own signing keys so you
| don't have to worry about revocation crap. either it's signed or
| not. revocation is just replacing the root PK keys.
| jpnc wrote:
| > tweak QEMU for performance and passthrough
|
| Any guide you could link to that covers all of this? I would
| like to set up a very performant windows VM.
| malwrar wrote:
| https://wiki.archlinux.org/title/PCI_passthrough_via_OVMF
|
| Note that it requires a second graphics card to work.
| Arnavion wrote:
| Or a single GPU that supports SR-IOV, but AFAIK no
| consumer-grade GPU provides it.
| h4ck_th3_pl4n3t wrote:
| > When it comes to the realities of dual-booting
|
| The sad and depressing part is that along the way we lost all
| possibilities of running coreboot or libreboot as an open
| alternative.
|
| The only real option is to buy a used laptop from before the
| T44x generation (if you really want it secure)... or newer
| machines that come with other perks like soldered-on batteries
| that destroy the mainboard along with them when they leak out
| eventually.
|
| I am not sure what the consumer rights protection agencies on
| the planet are doing, but seemingly they've been asleep at the
| wheel for way too long now.
|
| > (Tinfoil hat) (...) I think part of the reason MS is
| enforcing TPM2.0 and now this SBAT update is that there is
| widespread rootkit level malware and they are trying to stay
| ahead of the curve.
|
| The only vendors that seem to do something against it are
| somewhat System76, Frame.Work, Purism and maybe Starlabs. But
| the huge majority of devices is under the absolute control of
| Microsoft's signing process now. So I would argue that this
| isn't a tinfoil conspiracy, but a strategic decision that MS
| made to re-grab their lost power on x86 systems.
| mixmastamyk wrote:
| Framework comes with Intel ME enabled, not able to be
| disabled, and barely updates their firmware. For example,
| they left logofail unpatched for a year.
| RobotToaster wrote:
| It would be entirely unsurprising if most TPMs had a clipper
| chip[0] like backdoor.
|
| [0] https://en.wikipedia.org/wiki/Clipper_chip
| bongodongobob wrote:
| Ubuntu regularly locks up and black screens when I try to
| sleep/hibernate. It's a very common problem that has nothing to
| do with Windows or Microsoft. I also have had 0 issues with
| dual booting for roughly 10 years now. HN wouldn't be HN
| without some baseless MS bashing.
| mixmastamyk wrote:
| Baseless, meet cookie jar:
|
| https://news.ycombinator.com/item?id=31727293
| ab71e5 wrote:
| > Microsoft's stated intention was that Windows Update would only
| apply the SBAT update to systems that were Windows-only, and any
| dual-boot setups would instead be left vulnerable to attack until
| the installed distro updated its grub and shipped an SBAT update
| itself.
|
| I wonder what went wrong here? If you would read the EFI boot
| order it would clearly say to boot shim first? Or were these dual
| boot setups where the user would use the firmware menu to select
| linux or windows?
|
| Anyway this comes at a time when I want to install linux on my
| work PC, since it has two nvme slots I think I'll go with
| installing it on a completely separate drive. Would have not
| prevented this issue though, which seems a legitimate fix from
| microsoft, just bad communication.
| iam-TJ wrote:
| From the people reporting this affecting their Linux boots in
| various IRC/Matrix forums and my diagnostics with them, very
| often they weren't dual-booting in the Microsoft sense, in that
| they were booting using the UEFI Removable Media Path so there
| was no entry in the motherboard firmware's Boot menu.
|
| I suspect the MS installer simply scans the EFI BootXXXX
| entries and looks for a non-Windows boot-loader path like, for
| example, /EFI/$distro/shimx64.efi
|
| If one-such doesn't exist the installer likely assumes it is
| not a dual-boot system.
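The check a dual-booter can run on their own firmware variables, as an added example for this page (not Microsoft's installer logic, which the comment above only speculates about, and not code from the thread): it parses EFI_LOAD_OPTION structures from Boot#### variables and lists loader paths outside `\EFI\Microsoft\`. The two variable sets are constructed; the second reproduces the "booted via the removable media path, so no entry" situation described above.

```python
"""Parse EFI Boot#### load options and list non-Windows loader paths.

Added example with constructed data.  On Linux the same bytes sit in
/sys/firmware/efi/efivars/Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c
behind a 4-byte variable-attributes prefix that must be stripped first.
Firmware-provided data is parsed defensively: every length is checked
before use so a corrupt node cannot loop or read out of bounds."""
import struct

WINDOWS_LOADER_PREFIX = "\\EFI\\MICROSOFT\\"   # FAT paths compare case-insensitively


def _ucs2(s):
    return s.encode("utf-16-le") + b"\x00\x00"


def _node(ntype, subtype, payload):
    # EFI_DEVICE_PATH_PROTOCOL header: Type, SubType, total Length (LE16)
    return struct.pack("<BBH", ntype, subtype, 4 + len(payload)) + payload


def build_load_option(description, file_path, attributes=1):
    """Constructed helper: EFI_LOAD_OPTION with a placeholder hard-drive
    node (type 4/1, 38-byte payload), a file-path node (type 4/4) and the
    end-of-path node.  attributes=1 is LOAD_OPTION_ACTIVE."""
    device_path = _node(4, 1, bytes(38)) + _node(4, 4, _ucs2(file_path)) + _node(0x7F, 0xFF, b"")
    return struct.pack("<IH", attributes, len(device_path)) + _ucs2(description) + device_path


def parse_load_option(data):
    """Return {'attributes', 'description', 'file_paths'} for one Boot####
    value.  Layout: UINT32 Attributes, UINT16 FilePathListLength,
    CHAR16 Description[] (NUL-terminated), device path list, optional data."""
    if len(data) < 6:
        raise ValueError("load option shorter than its fixed header")
    attributes, dp_len = struct.unpack_from("<IH", data, 0)
    off = end = 6
    while True:                                 # find the 16-bit NUL terminator
        if end + 2 > len(data):
            raise ValueError("unterminated description")
        if data[end:end + 2] == b"\x00\x00":
            break
        end += 2
    description = data[off:end].decode("utf-16-le")
    off = end + 2
    dp = data[off:off + dp_len]
    if len(dp) != dp_len:
        raise ValueError("truncated device path list")
    file_paths, pos = [], 0
    while pos + 4 <= len(dp):
        ntype, subtype, length = struct.unpack_from("<BBH", dp, pos)
        if length < 4 or pos + length > len(dp):
            raise ValueError(f"bad device path node length {length} at offset {pos}")
        if ntype == 0x7F and subtype == 0xFF:   # end of entire device path
            break
        if ntype == 4 and subtype == 4:         # media / file path node
            file_paths.append(dp[pos + 4:pos + length].decode("utf-16-le").rstrip("\x00"))
        pos += length
    return {"attributes": attributes, "description": description, "file_paths": file_paths}


def non_windows_loaders(boot_entries):
    """boot_entries: {'Boot0000': raw bytes, ...}.  Returns
    [(variable name, description, loader path)] for every file-path node
    that is not under \\EFI\\Microsoft\\."""
    found = []
    for name, raw in boot_entries.items():
        option = parse_load_option(raw)
        for path in option["file_paths"]:
            if not path.upper().startswith(WINDOWS_LOADER_PREFIX):
                found.append((name, option["description"], path))
    return found


# Constructed variable sets.  The distro name and path are placeholders.
WINDOWS_ENTRY = build_load_option("Windows Boot Manager", "\\EFI\\Microsoft\\Boot\\bootmgfw.efi")
DISTRO_ENTRY = build_load_option("exampledistro", "\\EFI\\exampledistro\\shimx64.efi")
REGISTERED_DUAL_BOOT = {"Boot0000": WINDOWS_ENTRY, "Boot0001": DISTRO_ENTRY}
# Linux started through \EFI\BOOT\BOOTX64.EFI registers no Boot#### entry,
# so a scan of the variables sees a Windows-only machine.
REMOVABLE_PATH_DUAL_BOOT = {"Boot0000": WINDOWS_ENTRY}

if __name__ == "__main__":
    print("registered:", non_windows_loaders(REGISTERED_DUAL_BOOT))
    print("removable-media path:", non_windows_loaders(REMOVABLE_PATH_DUAL_BOOT))
```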
| TiredOfLife wrote:
| People that dualboot are probably also people that run random
| debloat scripts that disable telemetry. So when such a system
| broke there was no signal it happened.
| HumblyTossed wrote:
| Doubtful. I don't.
| HumblyTossed wrote:
| MS has zero vested interest in caring. If they break booting
| for Linux users, how does that hurt them in any meaningful way?
| Sure they get some press, but is it bad press if most people
| are never affected by this?
| gradschoolfail wrote:
| https://archive.ph/PePOh
|
| Secure Boot Advanced Targeting
| kuon wrote:
| Isn't secure boot the first thing you disable when you install
| linux?
| genpfault wrote:
| Sure is if you want to hibernate!
| dripton wrote:
| I installed Linux on a new laptop yesterday, and couldn't get
| either NixOS or Debian to install until I turned off secure
| boot. So I guess these distros don't bother getting every
| release signed by Microsoft.
|
| At least it was easy to turn off. I just wish the error message
| mentioned Secure Boot -- it took me a few minutes to figure out
| what was wrong. At first I thought I had a corrupt USB stick or
| something.
| hiimshort wrote:
| You can set up secure boot on NixOS with lanzaboote:
| https://github.com/nix-community/lanzaboote
| wilsonnb3 wrote:
| Depends on the distro, Fedora for example works with secureboot
| enabled.
|
| If you are using Nvidia graphics you have to deal with signing
| the kernel drivers but it is pretty easy, AMD or Intel works
| out of the box.
| 0cf8612b2e1e wrote:
| This has been my stance for years, but I am open to be
| persuaded why this is a terrible practice that will lead to
| kitten murder.
|
| I saw someone else give a similar reasoning that if there were
| a booting error, they would never assume it was a rootkit, but
| some breakage between all of the booting cruft. I certainly
| lack any expertise to understand what happens during boot to be
| able to diagnose problems.
| Arnavion wrote:
| You could if you want to, but if your distribution provides a
| UEFI bootloader (shim / grub / systemd-boot / whatever) signed
| by the default MS-trusted cert, or you're willing to set up
| everything yourself with your own certs, it doesn't hurt to
| enable it either (except when an incident like this happens).
| hypeatei wrote:
| > because otherwise they're shipping a vector that can be used to
| attack other operating systems and that's kind of a violation of
| the social contract
|
| I see the end of the chain still ends up at "trust" in
| humans/companies at some level. Microsoft broke dual boot systems
| because they think they know what's best for someone else's
| system and that's not okay.
| Hydrocarb0n wrote:
| IMO secure boot is a waste of time for most scenarios; if there's
| closed source UEFI code running god knows what in the background,
| it doesn't matter how signed and secure your OS kernel is.
|
| I've never been successfully able to dual boot Windows and Linux on
| a mobo with secure boot turned on. It seems that is a feature not
| a bug; I'm sure MS would never influence hardware vendors to make
| it disadvantage a growing number of Linux users.
| 1oooqooq wrote:
| Agree it's a waste of time, but we pay the paranoid cost on
| special occasions. It does make breaking FDE just a little bit
| more annoying/expensive.
|
| The only time it's worth the hassle for us to enable it: travel
| to the USA, Russia and most of Africa (if the country has USA
| backed airport security, like Uganda). Pause updates, enable
| secure boot with a disposable key we don't store anywhere. That
| on top of the usual FDE with plausible deniability dual boot.
|
| But we still prefer to just fly contributors with blank devices
| if we can.
| wongarsu wrote:
| TLAs from major powers probably have backdoors in your UEFI,
| mainboard or OS. But even if they do that doesn't mean they
| will use them on everyone, they probably keep the good stuff
| for the most valuable cases. Each use of an attack carries the
| risk of the attack vector being discovered and prevented in the
| future. And besides, there are threat actors besides TLAs of
| the USA, Russia and China.
|
| If you use full disk encryption secure boot is pretty
| essential, otherwise an attacker can modify the code that asks
| for your credentials to also log them somewhere easily
| accessible, circumventing your entire encryption. If you don't
| do full disk encryption it's still a decent protection against
| some bootkits.
|
| It can absolutely be more trouble than it's worth. It's not
| _that_ useful in most desktop computers. But if you are
| traveling with a laptop it's probably worth some effort to
| keep secure boot working on that system (and make it more
| difficult to disable)
| pjc50 wrote:
| Something seems to be wrong with the whole security model.
|
| > those versions of grub had genuine security vulnerabilities
| that would allow an attacker to compromise the Windows secure
| boot chain
|
| This feels like a "my secure compartments are all connected
| together" moment. If Microsoft want to verify that they're in an
| all-Microsoft boot chain, sure, whatever, fine. But somehow the
| compromise of _any_ loader allows compromise of Windows? And in
| turn Microsoft are able to break grub installations? Why is that
| acceptable?
|
| (also, I feel a bit "I told you so" about this. Back when all
| this was being introduced I felt that (a) secure boot increases
| the risk of locking you out of your machine and/or data loss and
| (b) a situation where Linux is dependent on the collaboration of
| Microsoft in order to boot is very dangerous long-term.)
| eightysixfour wrote:
| > This feels like a "my secure compartments are all connected
| together" moment. If Microsoft want to verify that they're in
| an all-Microsoft boot chain, sure, whatever, fine. But somehow
| the compromise of any loader allows compromise of Windows?
|
| Exactly how would you propose starting software securely from
| an unknown environment?
|
| > Back when all this was being introduced I felt that (a)
| secure boot increases the risk of locking you out of your
| machine and/or data loss
|
| So does a password and encryption.
| skywhopper wrote:
| > Exactly how would you propose starting software securely
| from an unknown environment?
|
| Accept that it's impossible?
| wongarsu wrote:
| So don't do secure boot at all rather than saying "when one
| step in the boot chain is compromised that can compromise
| all later steps"? How is that a better security model?
| eightysixfour wrote:
| Okay, so then you need to know the environment, which leads
| us to secure boot. It isn't perfect, but it _is_ better
| than nothing.
| warkdarrior wrote:
| Giving up is certainly an option, but it is not the
| preferred option for some people (myself included). A
| partial option is definitely better than giving up, as long
| as it is well understood.
|
| In this scenario, people who are ready to give up can
| simply stop updating their software, which will solve their
| issue. YMMV of course.
| teekert wrote:
| A recent Linux Unplugged episode went into how one can use the
| TPM to set up a secure and trusted chain of trust for the booting
| process on Linux [0] using Clevis [1], very interesting!
|
| [0] https://linuxunplugged.com/572
|
| [1] https://fedoramagazine.org/automatically-decrypt-your-
| disk-u...
| tostiheld wrote:
| The "new" way of doing this would be using systemd-cryptenroll
| [0]. I did this recently on Ubuntu 24.04. I actually tried the
| default LUKS+TPM shipped with Ubuntu 24.04 at first [1], but it
| was a bit disappointing because it locks you into using snap-
| based kernels. This means you cannot install custom DKMS
| modules (which I needed). Although Clevis is very interesting
| software (you can even unlock based on some other computer in
| your network [2]), it's not absolutely required anymore for
| LUKS+TPM.
|
| [0] https://fedoramagazine.org/use-systemd-cryptenroll-with-
| fido...
|
| [1] https://ubuntu.com/blog/tpm-backed-full-disk-encryption-
| is-c...
|
| [2]
| https://docs.redhat.com/en/documentation/red_hat_enterprise_...
| dathinab wrote:
| I do something similar on all my laptops:
|
| - have custom secure boot platform key
|
| - use a unified kernel image (UKI) which means I directly boot
| the kernel from efi (and place it in the efi partition)
|
| - sign the image with that platform key (I use sbctl)
|
| - have everything else including the swap partition for
| hibernation fully disk encrypted. I could set it up to auto
| unlock using TPM2 but I would recommend using a long password.
| TPM2+password would be optimal. There have been too many cases
| of leaky TPMs and especially on a laptop you don't want to
| fully rely on it (though you in turn could decide to auto
| login if PCRs are unchanged, or login using only the (often not
| so secure) fingerprint reader etc.)
|
| - EFI password, I mean if you don't set that you lose most
| secure boot benefits... EDIT: Not really most, there are still a
| bunch of ways it helps, but it's anyway a bad idea to rely on
| secure boot and not have an EFI password
|
| As bonus tip:
|
| - include vfat in your initramfs (i.e. `MODULES=(vfat)` in
| `/etc/mkinitcpio.conf`); if your booting kernel and installed
| kernel modules ever mismatch, that is nice to have to fix the
| issue
| mixmastamyk wrote:
| What are the details with a custom key?
| dathinab wrote:
| sbctl with package manager hook for automatically signing
| on updates etc.
|
| keys are just stored on the device, for the typical laptop
| use-case this is good enough (platform key only used by a
| single device, no MDA or anything like that)
| jcalvinowens wrote:
| > I could set it up to auto unlock using TPM2 but I would
| recommend using a long password. TPM2+password would be
| optimal.
|
| Personally, I trust LUKS with passphrases far more than I
| trust some random proprietary hardware implementation nobody
| can audit...
|
| It's also important to me to be able to recover the disk
| contents with the passphrase on another machine if the
| motherboard dies. Maybe that's what you meant (backup
| passphrase), but I think you meant requiring both?
| dathinab wrote:
| I meant:
|
| - I'm only using a long password
|
| - but it would be optimal to require PCR values and
| password
|
| Note that in any case where you use PCR values you should
| always set up a secondary way to unlock the partition. Or
| else you will lose your data if some of your hardware
| measured into a PCR breaks.
|
| Requiring both is optimal as it 1. doesn't rely on TPM/PCRs
| but 2. prevents certain attack vectors possible with
| password only but not possible with PCRs. Though you now
| also have to manage a backup unlock method. Which is
| annoying. And the security benefits are
| negligible/irrelevant for most people. Which is why I don't
| use it.
| skywhopper wrote:
| Interesting. The question that immediately popped into my head
| was: How does the secure boot system determine the "security
| generation" of GRUB exactly? Sounds like just based on the
| assertion of GRUB itself (and trusted signature of the
| distribution that built GRUB)?
|
| The fact that the list of allowed GRUB versions is itself
| manageable via a Windows Update points to some other issues with
| this particular security scheme, given Microsoft's own recent
| history of mishandling private keys.
| dist-epoch wrote:
| It goes the other way too. An Ubuntu Update could put the
| Windows bootloader on the deny list.
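The mechanism skywhopper is asking about, and the two-way deny list dist-epoch mentions, as an added example (Python written for this thread, not code from the post, from shim or from grub): a small model of the SBAT check. It assumes the `.sbat` section layout (six CSV fields per row, with the component name and an integer generation in the first two) and a revocation policy keyed only on component name and minimum generation, which is how the generation ends up being self-asserted by the signed binary: the number is chosen by whoever builds GRUB, but it is covered by the distro's signature, and the firmware-side policy can only ever be raised. The sample binary data and the two policies below are constructed for illustration, and the handling of a binary with no SBAT data at all is an assumption.

```python
"""
Model of an SBAT revocation check (added example, not shim's code).

A signed EFI binary carries a ".sbat" section whose rows look like
  component_name,component_generation,vendor_name,vendor_package_name,vendor_version,vendor_url
The revocation policy stored on the firmware side is a shorter CSV of
  component_name,minimum_generation[,extra]
A binary is rejected when ANY of its components is listed in the policy
with a generation below the policy's minimum. Components the policy
does not mention are not checked at all.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class SbatEntry:
    component: str
    generation: int
    vendor: str = ""
    package: str = ""
    version: str = ""
    url: str = ""


def parse_sbat_section(text: str) -> list[SbatEntry]:
    """Parse the contents of a binary's .sbat section (6 CSV fields per row)."""
    entries: list[SbatEntry] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split(",")
        if len(fields) != 6:
            raise ValueError(f".sbat line {lineno}: expected 6 fields, got {len(fields)}")
        try:
            generation = int(fields[1])
        except ValueError:
            raise ValueError(f".sbat line {lineno}: generation {fields[1]!r} is not an integer")
        entries.append(SbatEntry(fields[0], generation, *fields[2:]))
    return entries


def parse_sbat_policy(text: str) -> dict[str, int]:
    """Parse a revocation policy into {component: minimum_generation}.

    Extra trailing fields (such as a policy timestamp on the 'sbat' row)
    are ignored; only the first two fields matter for the decision.
    """
    policy: dict[str, int] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        fields = line.split(",")
        if len(fields) < 2:
            raise ValueError(f"policy line {lineno}: expected at least 2 fields")
        policy[fields[0]] = int(fields[1])
    return policy


def check_sbat(entries: list[SbatEntry], policy: dict[str, int]) -> tuple[bool, list[str]]:
    """Return (allowed, reasons). Empty reasons means the binary may load."""
    reasons: list[str] = []
    if not entries:
        # Assumption for this model: a binary with no SBAT data is refused,
        # because there is nothing to compare against the policy.
        reasons.append("binary carries no SBAT data")
    for entry in entries:
        required = policy.get(entry.component)
        if required is not None and entry.generation < required:
            reasons.append(f"{entry.component}: generation {entry.generation} < required {required}")
    return (not reasons, reasons)


# Constructed sample: what a distro-built GRUB's .sbat section might contain.
# Vendor names, versions and URLs are illustrative, not taken from a real binary.
SAMPLE_SBAT_SECTION = """\
sbat,1,SBAT Version,sbat,1,https://example.invalid/SBAT.md
grub,3,Free Software Foundation,grub,2.06,https://example.invalid/grub
grub.example,3,Example Distro,grub2,2.06-1,https://example.invalid/grub2
"""

# Constructed policies: the second one raises the minimum grub generation,
# which is all an update (from any OS on the machine) needs to do to make
# the binary above stop booting.
POLICY_BEFORE = "sbat,1,2023010100\nshim,2\ngrub,3\n"
POLICY_AFTER = "sbat,1,2024010100\nshim,2\ngrub,4\n"


if __name__ == "__main__":
    entries = parse_sbat_section(SAMPLE_SBAT_SECTION)
    for name, text in (("before", POLICY_BEFORE), ("after", POLICY_AFTER)):
        allowed, reasons = check_sbat(entries, parse_sbat_policy(text))
        print(f"policy {name}: {'ALLOW' if allowed else 'REJECT'} {reasons}")
```

Note what the model does and does not look at: the `shim,2` policy row never matters for this binary because it has no `shim` component, and the distro-specific `grub.example` row is untouched because the policy does not name it; the only thing that changes between the two policies is the minimum for `grub`, so a distro that rebuilt GRUB with `grub,4` in its `.sbat` (after actually fixing the underlying bug) would pass again without any change on the policy side.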
| stonethrowaway wrote:
| > Short version: Secure Boot Advanced Targeting and if that's
| enough for you you can skip the rest you're welcome.
|
| Based. Unfathomably based.
| superkuh wrote:
| Here is a mirror for anyone else getting blocked* by dreamwidth
| for not using a corporate browser:
| https://web.archive.org/web/20240822091216/https://mjg59.dre...
|
| * No matter how many times I do the captcha.
___________________________________________________________________
(page generated 2024-08-22 17:00 UTC)