Jump to content











Photo
- - - - -

(in)Secure UEFI bootdisk


  • Please log in to reply
3 replies to this topic

#1 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14757 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 02 March 2019 - 04:15 PM

For those having to deal with (in)Secure UEFI booting:

 

https://github.com/V...SecureBoot-Disk

 

 

Description

Secure Boot is a feature of UEFI firmware which is designed to secure the boot process by preventing the loading of drivers or OS loaders that are not signed with an acceptable digital signature.

Most of modern computers come with Secure Boot enabled by default, which is a requirement for Windows 10 certification process. Although it could be disabled on all typical motherboards in UEFI setup menu, sometimes it's not easily possible e.g. due to UEFI setup password in a corporate laptop which the user don't know.

This disk, after being installed on a USB flash drive and booted from, effectively disables Secure Boot protection features and temporary allows to perform almost all actions with the PC as if Secure Boot is disabled. This could be useful for data recovery, OS re-installation, or just for booting from USB without thinking about additional steps.

 

 

Images are on the relese page:

https://github.com/V...t-Disk/releases

 

:duff:

Wonko



#2 alacran

alacran

    Silver Member

  • .script developer
  • 925 posts
  •  
    Mexico

Posted 03 March 2019 - 04:16 PM

I never bought the False security claimed from MS, it was just to justify force all developers and OEMs to pay big money to get certificates and OS certification. Finally this secureboot is totally useless long time ago since all viruses are capable to install and run, even with it in place.

 

I allways disable SecureBoot, and enable legacy boot and partition/format HDs as MBR/legacy.

 

Only thing I recommend is: If you are interested on this project, download it inmediately, remember MS is now the owner of github and then can errase this project at any moment they want.



#3 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14757 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 03 March 2019 - 04:43 PM

I never bought the False security claimed from MS, it was just to justify force all developers and OEMs to pay big money to get certificates and OS certification. Finally this secureboot is totally useless long time ago since all viruses are capable to install and run, even with it in place.

You are IMHO not fair to the Author of the thingy :w00t:, AFAIK it has been (till now and of course only if it actually works) extremely difficult (actually impossible) to boot a "locked down by Secure Boot" UEFI system from an "arbitrary" USB stick  :dubbio:
so - at least in my limited experience - the project does represent some "news".
 

I allways disable SecureBoot, and enable legacy boot and partition/format HDs as MBR/legacy.

Yep, and that approach has a lot of merits, still it won't solve the issues with - say - a second hand PC that was locked or similar cases where you have no real direct control of UEFI settings.
 

Only thing I recommend is: If you are interested on this project, download it inmediately, remember MS is now the owner of github and then can errase this project at any moment they want.


I already did that, before posting about it, of course   :smiling9: (and of course while wearing an anti-mental-intrusion hat) but thank you for the suggestion.

Ooops, gotta go, my advanced Velostat hat making course is due to start in half an hour and I have to get to the school in time. (BTW and JFYI it is an interesting new take on the matter, combining origami with 3M, the best of east and west).

 

:duff:

Wonko



#4 alacran

alacran

    Silver Member

  • .script developer
  • 925 posts
  •  
    Mexico

Posted 03 March 2019 - 05:25 PM

When I said:

 

 

Finally this secureboot is totally useless long time ago since all viruses are capable to install and run, even with it in place.

 

 I mean secureboot on your PC is not so secure as MS wants people to belive,  as it can't protect us from Viruses or Ramsomware, even UEFI Secureboot by design allow OEMS to install secret (if they don't tell us) programs on Bios as Lenovo did installing Superfish Malware on UEFI Bios to spy the users.

 

About been a very big problem for the users of second hand PCss if they do not have the Bios, HDD or OS Password, there is no doubt of this and this (in)Secure Boot disk is a very wellcome set of programs, I made my copy of both the full size and the minimalt version and even installed the full size on an old 2 GB USB stick, to play with it latter.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users