27 Comments

  • Silver5urfer - Monday, November 23, 2020 - link

    No thanks. M$'s own tablets like Surface are already riddled with enough Secure Boot and other garbage locks that block users from installing OSS like Linux distributions, and on top you have Intel's cancer protection at PCH level which blocks BIOS unlocks or options for end users to enable a proper undervolt, etc. With the latest SGX issue on Intel CPUs most of the mobile machines couldn't even do a proper UV. A big shame since out of the box they have high voltage. M$'s own Defender is able to scan BIOS but the user cannot do anything, thanks to their trusted Secure Boot garbage (it was hacked as well, the BootHole vulnerability), and their UWP nonsense is even more crappy: DRM built into the damn OS itself (Xbox Game Pass and other junk; some OEM companies started to use only that, and big corps too like Dell / Alienware and Intel).

    With more control slipping out of consumer devices and more privacy-invading issues all over the place, I hope we can turn off this trash on day 1.
  • Hulk - Monday, November 23, 2020 - link

    I agree completely.
  • ballsystemlord - Saturday, December 12, 2020 - link

    I third the motion.
  • Alistair - Monday, January 3, 2022 - link

    Couldn't agree more. I'll take security, but not from these interested parties that care more about controlling you than helping you be more secure.
  • Kjella - Monday, November 23, 2020 - link

    With Bootcamp going away on the Apple side it's no surprise that Microsoft is also looking to make a one-trick pony. I doubt any anti-trust case will stick when their main competitor isn't offering dual-boot anymore either.
  • WaltC - Monday, November 23, 2020 - link

    This article kind of collapses on the "gaining physical access" necessity for defeating TPM. Yes, *if you have physical access* pretty much anything is possible. It's "gaining physical access" that is the clincher, here...;) That's the *hard part* most often, imo.
  • jeremyshaw - Monday, November 23, 2020 - link

    The genesis for this project (at least for MSFT) was the Xbox, specifically the Xbox One... where physical access is the name of the game. Without physical access, the traditional game console model just doesn't work at all.
  • beginner99 - Tuesday, November 24, 2020 - link

    Gaining physical access can actually be the easy part and is a core part of "hacking" and doesn't require mad technical skills.
  • philehidiot - Sunday, November 29, 2020 - link

    Is this thing going to allow me to post? It says I'm spamming... I agree with beginner99.

    There is so much placed on the assumption that you can't get physical access to a system. I'm professionally trained in physical pen testing and I've trained in ethical hacking. Yes, certainly there are places where mad James Bond skillz are required and you'd need to be a state-level actor (or an expensive industrial espionage firm using ex-intelligence staff) to get in. That ain't me. But for most places, dressing up as a cleaner, courier or just wearing a damned suit will get you anywhere you need to go. A high-vis is an all-access pass if there's any work going on (and there always is in a large institution), and there are single-button-press, miniaturised card cloning devices available now.

    Never, ever assume that your network will be protected by physical security. Because I guarantee you two things: the physical and cyber security people in an organisation rarely speak, and even more rarely do they work together. And on top of that, your physical security people are assuming their stuff is protected by the cyber security (in the case of electronic access control systems or networked CCTV systems), as well as vice versa. This is why so many places use broken RFID security and why the data travelling from RFID readers is (almost) universally sent in the clear, using the same protocol as when electronic access control systems were invented. Because physical and cyber don't work together.
  • philehidiot - Sunday, November 29, 2020 - link

    I did an assessment on a large financial institution's external security a while back. A Wi-Fi-networked camera was visible on a standard 802.11 2.4GHz scan and was labelled "thermal camera". Worse than that, you could tell where that camera was pointing, so, without any effort at all, or risk of burning anyone, you can deauth it and sit and wait to see if security turns up, and thus ascertain the level of CCTV monitoring / diligence.

    Cyber and physical don't work together and each assumes the other is doing their thing. If your network security is hinging on physical doing their job, I strongly suggest you audit it. All that means is walking around together, looking at each other's security, and you'll soon find you each have a very different take on things. Audits like that need to be bidirectional and round table. You'll end up asking questions each other won't ask (like "can I take that card reader off the wall?" "why would you do that?" "to splice into the wires and collect the data" "whaaa? you can do that?" "uh yes", and the end result is the tamper on those card readers actually gets connected. Or noting the locks on your cabinets are cheap and easily bypassed by anyone who has the skills to get that far, only to find that the physical guys keep a stock of high-security locks and hasps they can fit with little to no spend from your budget).

    Ramble over. I hope this helps someone see it from the other side.
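    The reader-wiring attack described in the two comments above (taking the card reader off the wall, splicing into the wires and collecting the data in the clear) works because the reader-to-controller link in most legacy access control installs is the Wiegand interface, which carries the badge's facility code and card number unencrypted and unauthenticated. The block below is an added example and not part of either comment: the commenter does not name the protocol, so the common 26-bit Wiegand layout (H10301: one even-parity bit, 8-bit facility code, 16-bit card number, one odd-parity bit) is assumed, and the captured frame is constructed for illustration rather than taken from any real site.

```python
"""Decode and re-encode a 26-bit Wiegand frame as it travels between a badge
reader and its door controller.

Added example, not from the original comments. Assumptions: the link uses the
26-bit Wiegand format (H10301); the frame string below is constructed, not a
real capture. A passive tap on the DATA0/DATA1 lines yields exactly this bit
string, which is everything needed to replay the badge to the controller.
"""
from dataclasses import dataclass

# Constructed sample: what a tap on the reader wiring would record for one badge
# presentation (facility code 123, card number 45678). Bit order is as sent,
# first bit first. NOT a real capture.
CAPTURED_FRAME = "10111101110110010011011101"


@dataclass(frozen=True)
class Badge:
    facility_code: int   # 8 bits  (frame bits 1..8)
    card_number: int     # 16 bits (frame bits 9..24)


def decode_wiegand26(bits: str) -> Badge:
    """Check both parity bits and split the frame into its two fields.

    Raises ValueError on a malformed frame so that a line glitch or a partial
    capture is not mistaken for a valid badge."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected 26 bits of '0'/'1'")
    b = [int(c) for c in bits]
    # Bit 0 is even parity over bits 1..12 (the first 12 data bits).
    if sum(b[1:13]) % 2 != b[0]:
        raise ValueError("even parity check failed")
    # Bit 25 is odd parity over bits 13..24 (the last 12 data bits).
    if (sum(b[13:25]) + b[25]) % 2 != 1:
        raise ValueError("odd parity check failed")
    facility = int(bits[1:9], 2)    # 8 bits
    card = int(bits[9:25], 2)       # 16 bits
    return Badge(facility, card)


def is_valid_frame(bits: str) -> bool:
    """True if the frame parses and both parity bits check out."""
    try:
        decode_wiegand26(bits)
    except ValueError:
        return False
    return True


def encode_wiegand26(facility: int, card: int) -> str:
    """Build the frame a reader would emit for this badge. This is all an
    attacker who has read the wire needs in order to replay it."""
    if not 0 <= facility < 256:
        raise ValueError("facility code must fit in 8 bits")
    if not 0 <= card < 65536:
        raise ValueError("card number must fit in 16 bits")
    data = f"{facility:08b}{card:016b}"          # 24 data bits
    even = str(sum(int(c) for c in data[:12]) % 2)      # leading even parity
    odd = str(1 - sum(int(c) for c in data[12:]) % 2)   # trailing odd parity
    return even + data + odd


if __name__ == "__main__":
    badge = decode_wiegand26(CAPTURED_FRAME)
    print(f"facility={badge.facility_code} card={badge.card_number}")
    assert encode_wiegand26(badge.facility_code, badge.card_number) == CAPTURED_FRAME
```

Nothing in the frame ties it to a specific reader or moment, so a replay is indistinguishable from a genuine badge presentation at the controller. The mitigations the comment hints at apply here: wire the reader's tamper switch so that pulling it off the wall alarms, and where the hardware allows it, move the reader link from Wiegand to OSDP with Secure Channel, which encrypts and authenticates the reader-to-controller traffic.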
  • Jorgp2 - Monday, November 23, 2020 - link

    Lol, you have no idea what you're going on about
  • Samus - Tuesday, November 24, 2020 - link

    I agree with practically everything you said, and what is most annoying about this entire trend is they don't offer a way to disable/bypass it. At least with most custom-built PCs you can disable things like Secure Boot and various security functions like DEP, which is all essential for basic software troubleshooting or even testing a sandbox.

    But the industry knows better than security engineers so -_-
  • azfacea - Tuesday, November 24, 2020 - link

    I agree. This isn't about security, it's about controlling people. It's also about putting a million backdoors that no one asked for, and then 3 years later "they stop maintaining" the garbage that no one asked for, so you have the opportunity to buy a new box, or be exposed to widely known and completely catastrophic vulnerabilities.

    We need regulators and initiatives like the FSF to get involved and fix this, but that won't happen until a catastrophic disaster takes place first. Consumers have never accepted this, and will never accept it if given the choice. But it's going to take a crisis to get it into Apple's/Google's/MS's/Sony's thick heads that my PC is mine and not your remote property.
  • edzieba - Wednesday, November 25, 2020 - link

    "M$'s own tablets like Surface are already riddled with enough Secure Boot and other garbage locks that block users from installing OSS like Linux distributions"

    Ah, the persistent myth that Secure Boot is somehow incompatible with Linux. Possibly from the early days of UEFI, when Linux bootloaders had not bothered to implement UEFI support yet and just relied on having the user switch to legacy mode, which came a cropper when devices started dropping legacy mode. But if you don't believe me, maybe you'll believe the Debian devs: https://wiki.debian.org/SecureBoot#What_is_UEFI_Se...

    "UEFI Secure Boot is not an attempt by Microsoft to lock Linux out of the PC market here; SB is a security measure to protect against malware during early system boot. Microsoft act as a Certification Authority (CA) for SB, and they will sign programs on behalf of other trusted organisations so that their programs will also run. There are certain identification requirements that organisations have to meet here, and code has to be audited for safety. But these are not too difficult to achieve.

    SB is also not meant to lock users out of controlling their own systems. Users can enrol extra keys into the system, allowing them to sign programs for their own systems. Many SB-enabled systems also allow users to remove the platform-provided keys altogether, forcing the firmware to only trust user-signed binaries. "
  • lmcd - Saturday, November 28, 2020 - link

    Early secure boot did not support nearly the same amount of keys that modern secure boot does. Early UEFI was sometimes not even on ROM, it was on disk, easy to accidentally write over! There were many practices from early OEM UEFI implementations that were not Linux-friendly. MS might not have been at fault but they didn't enforce good standards.
  • abufrejoval - Monday, November 23, 2020 - link

    While I couldn’t agree more, that a secure and trustable root of trust and management engine is necessary, there are several pre-conditions for its use and Microsoft doesn’t have a particularly good track record when it comes to doing it right.

    1. The owner, not Microsoft nor any of the vendors, must be in command. If I were from North Korea, I'd want to be sure it won't stop me from nuking my enemy just because they manufactured it.

    2. Just to be clear, the Apple, Google or Xbox approach is completely unacceptable, because they put ultimate control under foreign corporate control, and I'd declare Apple hostile if I had one. Microsoft loves Apple way too much for comfort. No, a corporate bypass isn't enough: I as an EU citizen don't want to be compromised by US executive order.

    3. I want SEV on the client side. Because I demand #1 and some vendors will stop performing their services unless they have exclusive supreme control, the only way out is SEV or safe VMs/containers via MKTME or better. Unfortunately, Ryzen 5000 and Tiger Lake client SoCs may have the hardware but not the firmware to support this. Why does that remind me of VM support purposefully missing from the 80386 until Mendel Rosenblum found a work-around with the 486SL?

    4. Open Source hardware, software, process attestation by independent auditors

    5. Kill switch, just in case somebody discovers how it actually makes things less secure. This has gone wrong far too many times not to expect it to happen again.
  • AdrianBc - Tuesday, November 24, 2020 - link

    I completely agree. Good points.
  • boeush - Monday, November 23, 2020 - link

    Will the development of this new hardware platform follow Microsoft's time-honored process of moving slowly and breaking things just for kicks and giggles on every Patch Tuesday?
  • Dug - Monday, November 23, 2020 - link

    Someone always finds a window to break in these things, no matter how many door locks you put on.
  • beginner99 - Tuesday, November 24, 2020 - link

    Oh, I bet you they ship with an NSA backdoor.
  • Nexing - Tuesday, November 24, 2020 - link

    Agreed.
    As a citizen of a developing country, I advocate the cited EU guidelines and sane working practices much more than those corporate, ultimately US-centred practices and controlling actions.
  • tuxRoller - Tuesday, November 24, 2020 - link

    Without Linux support this doesn't seem like it will get much traction outside of the desktop space.
    Honestly, it's kinda sad seeing Microsoft like this.
  • LiKenun - Tuesday, November 24, 2020 - link

    Nobody noticed the mistake?

    "coming to the three major hardware vendors that implement the OS: AMD, Intel, and Qualcomm"

    They don't implement the OS. Their hardware runs the OS.
  • Soulkeeper - Tuesday, November 24, 2020 - link

    Just what we need ... a backdoor built in our hardware. MS/government love making sure we are "safe" because they care ...
  • taisingera - Tuesday, November 24, 2020 - link

    Hopefully this will be able to be disabled in the BIOS in order to run Linux. We still don't really know the details, like: will you only be able to run Windows with these chips, or can you run future Windows on chips without Pluton? If no Linux, then we are stuck with the likes of Allwinner, Rockchip, and maybe Broadcom SoCs on SBCs, like the RPi.
  • alternety - Friday, November 27, 2020 - link

    I am old. I used to build these things (anyone remember Godbout?). I no longer have any idea what is going on. I have become more and more unable to work with things like MS. Documentation from MS et al. is indecipherable and getting worse. The terminology denies any simple users (like me) from actually understanding what is going on. The information in places from MS et al. cannot be found or understood.

    The computers we have purchased belong to us. But nowhere is that actually recognized by companies (think MS et al.), with their rejection of the existence of computer owners' personal equipment and denial of access for control by the user over not-understandable changes. Not understandable or controllable. Sometimes daily reboots, purpose unknown. No printed detailed manual for years. Online information is indecipherable or completely unusable. Owners just get revolving attempts to find something they can understand.

    This behaviour MUST be stopped. Work with your appropriate representatives!
  • lmcd - Saturday, November 28, 2020 - link

    There are basically no Qualcomm SBCs as it is because of their extremely poor mainline support.