alt Hacker NewsThre original secure boot design would have had insecure bootloaders get blacklisted the moment abuse could be detected.
Microsoft then made that system entirely useless by signing code that could be used to load unsigned code, like demonstrated here.
They then also refused to blacklist their own broken bootloader to save sysadmins the time (who would need to deploy new recovery images and boot media containing the fixed bootloader). That vulnerable bootloader is particularly bad because it can be used to have the TPM unlock itself and give up the Bitlocker key, which the Linux loaders shouldn'tbe capable of even if they apply the bypass mentioned in the article.
In a world where Microsoft cared about secure boot, they would blacklist the vulnerable Linux loaders as well as their own old bootloaders. Why Microsoft? Because they signed the files in the first place, only they can rescind the signatures. In that world, Linux users would call for Bill Gates' head for securing their security feature and sysadmins would be out for Steve Ballmer's blood for breaking their complex custom recovery system that nobody dares touch.
Now we'll be stuck in the worst of both worlds.
Replies
>They then also refused to blacklist their own broken bootloader to save sysadmins the time (who would need to deploy new recovery images and boot media containing the fixed bootloader).
Source? The OP suggests they expect it to be blacklisted
>I assume that Kaspersky bootloader signature certificate will not live long, and it will be added to global UEFI certificate revocation list, which will be installed on computers running Windows 10 via Windows Update
If you search around you'll also find that microsoft does publish secure boot revocations, contrary to what you claim.
I feel like this isn’t the best moment to call Bill Gates. Or maybe yes, maybe he’ll open source Windows at this point, who knows!
A better design would not involve a small default-trusted set of keys in the first place. If the signers were diverse and on equal footing, with users choosing who to trust, a single bad bootloader being signed would not compromise nearly the whole ecosystem.