Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Friday, 12 August 2016 11:33

Secure boot fiasco shows Microsoft will bend when needed


Microsoft's secure boot fiasco has shown one thing: while the company makes a big show about standing up to government on behalf of its customers, in reality it is more than willing to fall in line and create backdoors for law enforcement.

News emerged this week that Microsoft has bungled things to the extent that its so-called golden key for secure boot a key that disables the feature had leaked through its own carelessness.

In other words, the genie is out of the bottle, and the two researchers, known by their pseudonyms MY123 and Slipstream, who cracked the technology, are pretty confident that the story is now over.

Secure boot is a feature of the Unified Extensible Firmware Interface, the replacement for the motherboard firmware or BIOS.

Microsoft implemented it for Windows 8, in a manner that prevented booting of other operating systems on machines which have secure boot enabled. This restriction is imposed through the use of cryptographic keys.

Alongside this there are secure boot policies that come into play during the boot process. These are signed by Microsoft and can be installed on a computing device only by using an utility that has been, again, signed by the folk at Redmond.

For internal testing, Microsoft created another policy, which would disable secure boot when installed in the firmware of a device. However, this was inadvertently shipped with some devices and the rest, as people are wont to say, is history.

Exactly why Microsoft was playing around with disabling secure boot, even within the confines of its huge testing centre, is not clear.

But there has been considerable pressure from US authorities, the FBI foremost, following the Apple-FBI encryption stoush earlier this year, for technology companies to create a backdoor in any encrypted system they manufacture, so that government agencies can always find a way in.

Microsoft and other big technology companies like Google, Facebook, Apple, Yahoo! and the like — are keen to make it appear that they are on the side of the consumer. Apple demonstrated in its stoush with the FBI that it was willing, to some extent, to put its money where its mouth is.

Microsoft has also attempted to do this – most notably when it refused to turn over emails stored in a server in its Ireland subsidiary to the US government. The matter went to court and Microsoft pulled off a famous victory.

But the secure boot snafu makes it clear that Microsoft is ambivalent about security measures it devises. Secure boot made its debut along with Windows 8 back in October 2012 and there has never been even a whisper about it being broken.

While there was some disquiet about the technology early on, the fact that it can be disabled on x86 devices which is the most common platform for running alternative operating systems ensured that the noise did not rise above a manageable level. (It cannot be disabled on ARM-based devices).

A few Linux distributions devised means of booting on secure boot-enabled machines and ensured that any distribution would be able to follow suit, by making their code shareable.

But now secure boot will need to be re-implemented from scratch. In the main, it is required by Windows systems which are notoriously vulnerable to every form of malware.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.



Recent Comments