
Software reVisions

In pursuit of reliable, fault-tolerant, fail-safe software and systems


Secure Boot News - Future Day 1

Microsoft Windows Secure Boot - Then and Now
by RobertC

The newest version of Microsoft Windows finally provides some long-sought enhancements to the Secure Boot feature launched with Windows 8 a few years ago. No longer do storage devices have to be removed and slaved to another computer in order to regain access after lightning strikes, "key hijacks" or boot image corruption. Users can now log in from another registered device to their account at Microsoft, the computer manufacturer or any other entity they have keys registered with, and download a new key.

After a multi-step authentication process that includes an email-reply verification and optional phone callback, a user or System Administrator downloads new keys for one or more of the registered machines and copies them to a storage device, usually a memory card or flash drive. The downside of having to physically be at the computer remains for large data centers, but life is better than it was. At the computer, Secure Boot looks for new keys on the first boot device during power-up. (Anybody remember floppy drives and serial dongles used like this? No? Never mind...) Since the Unified Extensible Firmware Interface (UEFI) software in conjunction with a Trusted Platform Module (TPM) allows multiple, equally valid keys to exist on a "keyring", the new key can just be added and full access restored.

Microsoft has given in after losing market share to Apple, Google, Ubuntu, Red Hat, IBM and other Linux and Unix-like operating systems for several years. The common "*nix" operating system architecture underlying those companies' products made the anticompetitive approach of Windows Secure Boot a non-starter with all but Apple. However, even Apple saw the legal liability dangers of purposely locking companies out of their systems due to common events like upgrades, repairs or natural disasters. The companies and many open-source organizations hammered out procedures that greatly reduce vulnerabilities while giving people a reasonably secure way of getting back into their phones, computers and other devices.

Historical References
