Yusuf On Security: Security news, opinion and advice

UEFI Secure Boot

The Windows Hardware Engineering Community (WinHEC) conference in Shenzhen (China, 18-19 March 2015) has attracted a lot of attention from the security community recently. It appears that UEFI Secure Boot could be permanently enabled by the OEM.
From a slide shown at the conference: “UEFI Secure Boot:
– Must ship enabled
– UEFI version 2.31 compliant
– Win10 Desktop: It’s OEM option whether to allow end user to turn off Secure Boot
– Win10 Mobile: Must not allow Secure Boot to be turned off on retail device
– UEFI Secure Boot database (PK, KEK, db, dbx) must be configured per Win10 HW requirement.”

The fact that the hardware ships with Secure Boot turned on effectively renders a Windows 10 hardware device an appliance, giving little choice to end users. Maybe we are all used to the rigidity of smartphones and tablets, but this takes that inflexibility to a new level.

Author
Yusuf