Skip to main content

Microsoft left the Secure Boot golden key sitting out in the open

microsoft secure boot tool policy patched surface pro 3 hands on 10
Image used with permission by copyright holder
Whoops! Two researchers discovered earlier this year that Microsoft accidentally included an internal debugging tool, or policy, on Surface hardware shipped to customers. It’s a “golden key” of sorts that will enable anyone to bypass Microsoft’s Secure Boot provision. This security feature prevents the installation of non-genuine Windows-based operating systems and other non-Microsoft platforms, such as Linux. Microsoft introduced Secure Boot with the launch of Windows 8 back in October of 2012.

Secure Boot works at the firmware level, and essentially makes sure that the bootloader and other components are cryptographically signed and allowed to run on the current hardware. Because of this, only an operating system cryptographically signed by Microsoft can load. In addition to preventing piracy, Secure Boot also stops malware in its tracks when it tries to modify the system firmware, or install rootkits that load up before or during the OS loading process.

Secure Boot relies on a DeviceID element, meaning each device has its own unique number. Thus, this number is associated with the installed operating system. That said, Secure Boot cannot be disabled on Microsoft devices by consumers.

However, Microsoft created tools (aka policies) for altering the Secure Boot system. These tools are merely sets of rules that load up during the boot process, enabling IT administrators to make changes to their Microsoft-based hardware, for developers to test drivers, and so on. The “golden key” in question disables the operating system signature check so that Microsoft’s own developers can test new builds without having to officially sign each one.

Thus, the leaked tool does not include a DeviceID element, nor does it have any rules pertaining to on-disk Boot Configuration Data, enabling anyone to test-sign software not signed by Microsoft. With this tool now out in the wild, Microsoft devices like the Surface 3 and Surface Book could be even more open to nasty attacks by hackers. This of course heats up the controversy surrounding backdoors in operating systems.

“About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a ‘secure golden key’ is very bad! Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears,” the researchers write. “You seriously don’t understand still? Microsoft implemented a ‘secure golden key’ system. And the golden keys got released from MS own stupidity. Now, what happens if you tell everyone to make a ‘secure golden key’ system? Hopefully you can add 2+2.”

According to a disclosure timeline, the researchers discovered the initial policy and reported the problem to Microsoft between March and April of this year. Microsoft seemed reluctant to fix the issue at first, but finally awarded them a bug bounty in June. A patch arrived in July but didn’t totally resolve the issue, thus Microsoft launched another patch in August. A third patch is expected to be released soon.

The Secure Boot credential leak arrives after Apple’s conflict with the FBI over the iPhone 5c used by one of the San Bernardino shooters in December of 2015. The government wanted Apple to create a version of iOS with a built-in backdoor so that agents could gain access to the device’s data. The investigation was to take place within a special lab at Apple, but the company refused to create such a tool, stating that it would cause utter chaos for iOS device owners if it fell into the wrong hands.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Microsoft recommends you turn on this important Windows 11 security feature
microsoft defender ccleaner unwanted application windows

Ransomware is an ever-increasing threat, and that's why Microsoft is strongly recommending you turn on its new security feature in Windows 11. As TechRadar reports, the tech giant is encouraging users to activate Tamper Protection in Microsoft Defender.

Tamper Protection has a number of features designed to protect you from ransomware, and it all comes for free as part of Windows 11.

Read more
Enable these 3 easy Windows settings to drastically improve your PC’s security
microsoft defender ccleaner unwanted application windows

These days, it seems like there's always a ton of security issues in Windows. PrintNightmare, malware, spyware, and viruses are just a few examples.

So, how you do protect yourself? Investing in antivirus software is one obvious answer, but there are also some built-in tools in Windows 10 (and in the upcoming Windows 11) that can help you improve the security of your system. We've gathered up a list of these tools for you below.
Enable Windows Security ransomware protection

Read more
Microsoft suggests Windows 11 will be missing a key feature at launch
A photo of the TikTok app running on a Windows 11 laptop

Microsoft just announced that Windows 11 is arriving as a free update on October 5. The company will begin rolling out the new operating system to eligible devices then, as well as start shipping new devices with Windows 11 pre-installed. One of the biggest, most impressive features of the OS isn't part of that process, however.

Windows 11 isn't arriving with Android app support. In a blog post announcing the release date, Windows GM Aaron Woodman wrote: "We look forward to continuing our journey to bring Android apps to Windows 11 and the Microsoft Store through our collaboration with Amazon and Intel; this will start with a preview for Windows Insiders over the coming months."

Read more