What stops me from writing a bootkit that uses a recognized UEFI key?

492
user16538

As far as I know, UEFI Secure Boot works (more or less) like this: for certain operating systems to be loaded, they must be signed with a key that UEFI checks on every boot. If a bootkit replaces the operating system, the check will fail and the system installed by the bootkit will never start.

However, if I write a bootkit intended for Windows 8, and if I embed the Windows 8 key inside the bootkit, will that bootkit work? If so, why is Secure Boot considered secure? If not, why not?

1

1 answer

1
Rod Smith

A malware author (let's call him Mel) can't just copy the keys from an existing boot loader; he has to get his own binary signed with a private key that's held by Microsoft. That said, Microsoft is signing binaries for third parties -- OS developers (Red Hat, Canonical, etc.) and even individuals are getting binaries signed. To do this, you've got to submit paperwork and pay a $99 fee to Verisign. Thereafter, Microsoft will sign the binaries you provide. I have no idea if they do any sort of virus scanning on them, though; if so, it's conceivable that some malware would be caught before it could be distributed.

Let's suppose, though, that Mel gets a malware binary signed and begins distributing it. Eventually, it'll be spotted by security researchers or detected by users, and somebody will notice it's been signed with Microsoft's key. At that point, Microsoft will be notified and will release a Windows update that will add that specific binary to a blacklist so that it will no longer boot on any machine that's received regular security updates. Microsoft will also then know that Mel is the author, since they'll presumably keep a copy of everything they sign in case of such problems. There'll be a paper trail, including things like the credit card number that was used to pay for the services and a snail-mail address used for correspondence. Presumably Microsoft will hand all that over to the authorities, and Mel will end up being visited by the police.

Of course, it's possible to imagine scenarios where a sufficiently motivated individual or criminal organization could avoid suffering such consequences -- they could use a stolen credit card to pay Verisign, use a temporary address that's not easily traced to them, etc. A US national spy agency like the NSA or CIA might also be able to intervene to get spyware or sabotage software like Flame signed. I expect that we'll see both of these things happen in the fullness of time.

The bottom line: Secure Boot puts up a hurdle for malware authors to overcome, but it's not an insurmountable one. It's just one move in a long-standing game between malware authors and OS vendors (primarily Microsoft). It has the potential to improve security, but it remains to be seen how well it will work.
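The four situations the question and answer walk through (copying the vendor's key and signature onto a different binary, signing with your own key, getting the vendor to sign your binary, and that binary later being blacklisted) can be made concrete with a small model of the firmware's policy state. The following Go program is an added example, not code from the thread or from any firmware; it stands in for a real UEFI implementation with a toy `Firmware` struct holding a `db` of trusted signer keys and a `dbx` of revoked image hashes, uses a freshly generated RSA key as a stand-in for the vendor's signing key, and uses constructed byte strings as the "images". Image contents, key sizes and the error strings are all assumptions of the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SignedImage models a boot image with an embedded Authenticode-style signature:
// the image bytes, an RSA signature over their SHA-256 hash, and the public key
// the image claims was used to sign it (in real UEFI this is a certificate).
type SignedImage struct {
	Body      []byte
	Signature []byte
	SignerKey *rsa.PublicKey
}

// Firmware models the two Secure Boot variables that matter here:
// db (public keys of trusted signers) and dbx (hashes of images that must not
// boot even though their signature is valid). Both are constructed for the example.
type Firmware struct {
	DB  []*rsa.PublicKey
	DBX map[[32]byte]bool
}

// signImage signs the image hash with a private key. Only the holder of that
// private key can perform this step; the public key alone does not allow it.
func signImage(priv *rsa.PrivateKey, body []byte) ([]byte, error) {
	h := sha256.Sum256(body)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}

// Verify returns nil if the image may boot, otherwise the reason it was refused.
// The key embedded in the image only selects a db entry; the signature is always
// checked with the firmware's own copy of the trusted key, never with the embedded one.
func (fw *Firmware) Verify(img SignedImage) error {
	h := sha256.Sum256(img.Body)
	if fw.DBX[h] {
		return errors.New("image hash is listed in dbx (revoked)")
	}
	for _, trusted := range fw.DB {
		if trusted.Equal(img.SignerKey) {
			if err := rsa.VerifyPKCS1v15(trusted, crypto.SHA256, h[:], img.Signature); err != nil {
				return errors.New("signature does not match image contents")
			}
			return nil
		}
	}
	return errors.New("signer key is not in db")
}

// Outcome records whether an image boots and, if not, why.
type Outcome struct {
	Boots  bool
	Reason string
}

func check(fw *Firmware, img SignedImage) Outcome {
	if err := fw.Verify(img); err != nil {
		return Outcome{false, err.Error()}
	}
	return Outcome{true, ""}
}

// Scenarios runs the cases from the thread against a firmware whose db trusts a
// single signer (the vendor key stands in for Microsoft's). Returns outcome by name.
func Scenarios() (map[string]Outcome, error) {
	vendorKey, err := rsa.GenerateKey(rand.Reader, 2048) // stand-in for the OS vendor's signing key
	if err != nil {
		return nil, err
	}
	melKey, err := rsa.GenerateKey(rand.Reader, 2048) // Mel's own key, unknown to the firmware
	if err != nil {
		return nil, err
	}
	fw := &Firmware{DB: []*rsa.PublicKey{&vendorKey.PublicKey}, DBX: map[[32]byte]bool{}}

	bootmgr := []byte("constructed: genuine OS boot manager image") // constructed sample image
	bootkit := []byte("constructed: Mel's bootkit image")           // constructed sample image

	genuineSig, err1 := signImage(vendorKey, bootmgr)
	melSig, err2 := signImage(melKey, bootkit)
	vendorSig, err3 := signImage(vendorKey, bootkit)
	if err := errors.Join(err1, err2, err3); err != nil {
		return nil, err
	}

	out := map[string]Outcome{}
	// Genuine loader signed by the trusted vendor key: boots.
	out["genuine"] = check(fw, SignedImage{bootmgr, genuineSig, &vendorKey.PublicKey})
	// The question's proposal: paste the vendor key and signature from the genuine loader onto another image.
	out["copied-key"] = check(fw, SignedImage{bootkit, genuineSig, &vendorKey.PublicKey})
	// Signed with a key the firmware has never been told to trust.
	out["self-signed"] = check(fw, SignedImage{bootkit, melSig, &melKey.PublicKey})
	// The vendor was persuaded to sign the binary: it boots until it is revoked.
	submitted := SignedImage{bootkit, vendorSig, &vendorKey.PublicKey}
	out["vendor-signed"] = check(fw, submitted)
	fw.DBX[sha256.Sum256(bootkit)] = true // the update that blacklists that specific binary
	out["vendor-signed-revoked"] = check(fw, submitted)
	return out, nil
}

func main() {
	out, err := Scenarios()
	if err != nil {
		panic(err)
	}
	for _, name := range []string{"genuine", "copied-key", "self-signed", "vendor-signed", "vendor-signed-revoked"} {
		fmt.Printf("%-22s boots=%-5v %s\n", name, out[name].Boots, out[name].Reason)
	}
}
```

The design point worth noticing is in `Verify`: the key carried inside the image is never used to verify anything, it only selects which firmware-held key to check against, so copying a public key or a signature from a genuine loader gives the attacker nothing, because the signature is bound to the hash of the exact bytes that were signed. The only path that boots is a binary signed by the private key behind a db entry, and that path is closed afterwards by the hash-based dbx entry, which is why the answer describes revocation as the vendor's response rather than a key change.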
