by manofmanysmiles 696 days ago
Unless I'm missing something, Secure Boot as designed is fundamentally broken.

Its root of trust is the BIOS/Firmware, which can be updated from a running OS. There is no hardware root of trust.

How Secure Boot Works

Secure Boot ensures that a device boots using only software trusted by the Original Equipment Manufacturer (OEM). Here's a high-level overview:

1. Power On and Initialization: The CPU initializes and runs the BIOS/UEFI firmware, which prepares the system for booting.

2. Platform Key (PK) Verification: The firmware verifies the Platform Key (PK), which is used to validate Key Exchange Keys (KEKs).

3. Key Exchange Keys (KEK) Verification: The KEKs validate the allowed (whitelist) and disallowed (blacklist) signature databases.

4. Signature Database Verification: The firmware checks the allowed (db) and disallowed (dbx) signature databases for trusted software signatures.

5. Bootloader Verification: The firmware verifies the bootloader’s signature against the db. If trusted, the process continues.

6. Kernel and Driver Verification: The bootloader verifies the OS kernel and critical drivers’ signatures.

7. Operating System Boot: Once all components are verified, the OS loads.

Apple Secure Boot Process

Apple adds hardware-based security with the Secure Enclave:

1. Secure Enclave Initialization: Separate initialization handles cryptographic operations securely.

2. Root of Trust Establishment: Starts with Apple's immutable hardware Root CA.

3. Immutable Boot ROM Verification: The boot ROM verifies the Low-Level Bootloader (LLB).

4. LLB Verification: The LLB verifies iBoot, Apple's bootloader.

5. iBoot Verification: iBoot verifies the kernel and its extensions. The Secure Enclave ensures cryptographic operations remain protected even if the main processor is compromised.

For more details, check out:

- <https://uefi.org/sites/default/files/resources/UEFI_Spec_2_8...>

- <https://www.apple.com/business/docs/site/Security_Overview.p...>

I would really love to have a hardware root of trust on a Linux or other open system, with a hardware security module of sorts that is programmable, so I decide what the root keys are, and is able to measure the firmware boot process, establishing a proper audit trail or chain of trust.

I can't remember the HN formatting rules, so expect an edit shortly to make this look better.

Edit: I did a little more poking. It's not quite as bad as I thought, because at least in theory, the BIOS will verify a digital signature of a BIOS update before flashing it.
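The PK → KEK → db/dbx chain in steps 2 to 5 of the post, as an added Go model that is not part of the post or of any UEFI implementation: it assumes Ed25519 signatures over constructed request messages in place of the RSA/X.509 certificates and PKCS#7 authenticated variables real firmware uses, and SHA-256 image-hash entries in db/dbx. A KEK is accepted only with the PK's signature, a db/dbx entry only with the KEK's, and a hash in dbx is refused even when db also lists it.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Firmware models the post's key hierarchy: the PK authorizes the KEK, the KEK
// authorizes db/dbx entries (SHA-256 image hashes here), and the boot check
// consults db/dbx. Ed25519 stands in for UEFI's RSA/X.509 (an assumption).
type Firmware struct {
	PK, KEK ed25519.PublicKey
	vars    map[string]map[[32]byte]bool // "db": allowed, "dbx": revoked
}
// Constructed request messages an update must carry a valid signature over.
func KEKMsg(k ed25519.PublicKey) []byte        { return append([]byte("KEK:"), k...) }
func EntryMsg(name string, h [32]byte) []byte { return append([]byte(name+":"), h[:]...) }
// NewFirmware enrolls the KEK only if the PK signed it (step 2 of the post).
func NewFirmware(pk, kek ed25519.PublicKey, kekSig []byte) *Firmware {
	if !ed25519.Verify(pk, KEKMsg(kek), kekSig) {
		return nil
	}
	return &Firmware{PK: pk, KEK: kek, vars: map[string]map[[32]byte]bool{"db": {}, "dbx": {}}}
}
// AddEntry accepts a "db" or "dbx" hash only when the enrolled KEK signed it.
func (f *Firmware) AddEntry(name string, h [32]byte, sig []byte) bool {
	if f.vars[name] == nil || !ed25519.Verify(f.KEK, EntryMsg(name, h), sig) {
		return false
	}
	f.vars[name][h] = true
	return true
}
// BootAllowed: a hash in dbx is refused even if also in db (revocation wins).
func (f *Firmware) BootAllowed(image []byte) bool {
	h := sha256.Sum256(image)
	return !f.vars["dbx"][h] && f.vars["db"][h]
}
func main() {
	pkPub, pkPriv, _ := ed25519.GenerateKey(rand.Reader)
	kekPub, kekPriv, _ := ed25519.GenerateKey(rand.Reader)
	fw := NewFirmware(pkPub, kekPub, ed25519.Sign(pkPriv, KEKMsg(kekPub)))
	img := []byte("constructed bootloader image") // constructed sample image
	h := sha256.Sum256(img)
	fw.AddEntry("db", h, ed25519.Sign(kekPriv, EntryMsg("db", h)))
	before := fw.BootAllowed(img)
	fw.AddEntry("dbx", h, ed25519.Sign(kekPriv, EntryMsg("dbx", h)))
	fmt.Println("boots before revocation:", before, "after:", fw.BootAllowed(img))
}
```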

2 comments

The firmware updates from a protected capsule, so it can't be updated without signature verification, effectively closing the loop. It's possible to add a 3rd-party root of trust (TPM/etc.) to this; it's just vendor-defined whether a platform uses an additional component to validate the PK/firmware/etc. earlier in the process.
> Secure Boot ensures that a device boots using only software trusted by the Original Equipment Manufacturer (OEM)

"We sold you this house with a front door designed where our key will always let us in". Why do we put up with this shit?