A blunder by Microsoft has resulted in the company accidentally leaking skeleton keys that unlock windows-powered tablets, phones, and other devices which are sealed by Secure Boot.
At the centre of the problem are Secure Boot policies, these are basically a feature of the Unified Extensible Firmware Interface and they are designed to ensure that each component loaded during the boot process is digitally signed and validated.
Secure Boot makes sure that the user’s PC will boot only to software that is trusted by the PC manufacturer or the user. In this case, the PC or device should only boot to Microsoft’s operating system.
The idea is that it stops people from booting up any OS on a Windows tablet, or certain Windows Phones.
Unfortunately for Microsoft it created and signed a special Secure Boot policy that disables the OS signature checks. This was done for debugging purposes, but what it means is that the boot manager won’t verify that it is booting one of the signed operating systems, and will instead boot anything the user wants as long as it is cryptographically signed.
The debug-mode was apparently shipped on retail devices and then discovered by some users. Although it was deactivated the policy has now leaked onto the Internet onto places like Filebin and if a user provisions it onto their device or computer as an active policy, it will disable Secure Boot.
Basically anything that uses Windows boot manager can use this.
After this issue was flagged to Microsoft, the company released a security patch (MS16-094) to stop users from unlocking their devices, however, this didn’t fully end the policy because the revocation list, which the policy was added to in the firmware, is only checked by the boot manager after policies are loaded.
Basically, the patch was locking the stable doors after the horse had already bolted.
A second line of defence in the form of a Microsoft tool, that’s used to provision the policy into the firmware and does check the revocation list, does refuse the policy when a user tries to install it.
Microsoft has now issued another patch (MS16-100) but this also fails to remove the policy, reports The Register.
Scripts are now flying around the Internet that will allow users to unlock policy on their ARM-powered Windows RT tablet, as long as the user hasn’t already installed the July update from Microsoft.
Really this debug-mode policy and the EFI installation tool are only meant for developer use. The purpose is to debug drivers but they are effectively backdoor keys and yet again these backdoor keys have fallen into the hands of people they weren’t meant for.
While Secure Boot cannot be used to access conversations or hijack systems, this leak highlights the risk of backdoor keys.