Microsoft introduced a feature called “Secure Boot” with Windows 8. The feature basically prevents users from installing operating systems that aren’t signed by Microsoft — for example, if Secure Boot is enabled on your Windows 10 device, you won’t be able to install Linux on it. In addition to Windows PCs, Secure Boot is also on Windows Phone devices and Windows tablets. However, there are some devices where the user can’t disable Secure Boot, including Windows RT, Windows Phone and HoloLens devices.
Now, security researchers Slipstream and MY123 have been able to bypass Secure Boot, thanks to a design flaw. According to the researchers, Secure Boot includes a “golden key” which allows users to disable the feature on their device. The golden key was apparently leaked by Microsoft themselves during the development of Windows 10 Version 1607, and now the company is trying to fix it.
The report states that Microsoft has already released two patches to fix the issue — however, the company wasn’t successful. Slipstream states that Microsoft might be able to fix the issue, but that could cause even more issues:
“Either way, it’d be impossible in practise for MS to revoke every bootmgr earlier than a certain point, as they’d break install media, recovery partitions, backups, etc.”
Slipstream also pointed out to the FBI how this type of golden key isn’t really secure:
“About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a “secure golden key” is very bad! Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears. You seriously don’t understand still? Microsoft implemented a “secure golden key” system. And the golden keys got released from MS own stupidity. Now, what happens if you tell everyone to make a “secure golden key” system? Hopefully you can add 2+2…”
You can view the full report here, where the researchers detail the flaw with more information.