News emerged this week that Microsoft has bungled things to the extent that its so-called golden key for secure boot — a key that disables the feature — had leaked through its own carelessness.
In other words, the genie is out of the bottle, and the two researchers, known by their pseudonyms MY123 and Slipstream, who cracked the technology, are pretty confident that the story is now over.
Secure boot is a feature of the Unified Extensible Firmware Interface, the replacement for the motherboard firmware or BIOS.
Alongside this there are secure boot policies that come into play during the boot process. These are signed by Microsoft and can be installed on a computing device only by using an utility that has been, again, signed by the folk at Redmond.
For internal testing, Microsoft created another policy, which would disable secure boot when installed in the firmware of a device. However, this was inadvertently shipped with some devices and the rest, as people are wont to say, is history.
Exactly why Microsoft was playing around with disabling secure boot, even within the confines of its huge testing centre, is not clear.
But there has been considerable pressure from US authorities, the FBI foremost, following the Apple-FBI encryption stoush earlier this year, for technology companies to create a backdoor in any encrypted system they manufacture, so that government agencies can always find a way in.
Microsoft — and other big technology companies like Google, Facebook, Apple, Yahoo! and the like — are keen to make it appear that they are on the side of the consumer. Apple demonstrated in its stoush with the FBI that it was willing, to some extent, to put its money where its mouth is.
Microsoft has also attempted to do this – most notably when it refused to turn over emails stored in a server in its Ireland subsidiary to the US government. The matter went to court and Microsoft pulled off a famous victory.
But the secure boot snafu makes it clear that Microsoft is ambivalent about security measures it devises. Secure boot made its debut along with Windows 8 back in October 2012 and there has never been even a whisper about it being broken.
While there was some disquiet about the technology early on, the fact that it can be disabled on x86 devices — which is the most common platform for running alternative operating systems — ensured that the noise did not rise above a manageable level. (It cannot be disabled on ARM-based devices).
A few Linux distributions devised means of booting on secure boot-enabled machines and ensured that any distribution would be able to follow suit, by making their code shareable.
But now secure boot will need to be re-implemented from scratch. In the main, it is required by Windows systems which are notoriously vulnerable to every form of malware.