Windows 10 announcement: certified hardware can lock out competing OSes

The computer you mention, does belong to you, you paid for it. The computer I mentioned, DOES NOT, because you have NOT purchased it yet. There is no ambiguity in what I said. If the OEM exercised their option to not include an off-switch, that is their decision, not Microsoft’s. If you know that some systems don’t include an off-switch, and you need one that does, then it’s your responsibility to make sure you’re buying the right type.

When/if there isn’t an option to buy a machine without that off-switch in it, then your option is to build a custom rig. Let me be clear, I am personally not a fan of shipping the system without a disable switch, but if that switch is not there, that is the OEM’s fault/decision, NOT Microsoft’s.

Most of the motherboards I’ve purchased in the last 3-5 years will not work with Windows 98. That is due to the mobo manufacturer; and just like the UEFI situation, that’s not Microsoft’s fault either. Buyer beware.

I don’t see how that works - don’t they already have that? And yet Minecraft runs on Linux and even Raspberry Pi.

Indeed… Rather than force OEMs to lock the OS, they give OEMs the option to do so. Which they could also do if they were creating a Linux device, by the way. In practice, I don’t think this will get implemented much.


But… what if you don’t want Linux? What if you want BSD? What if you want Linux but for this or that reason need a custom, self-compiled kernel? What if RedHat does not fit your needs/desires and you want to go with Ubuntu?

There is a LOT of variability in the Linux World (and the world of the operating systems in general). Lots of choices, and that is good. Reducing the plethora of possibilities to merely a RedHat is what I consider a crime even if it is not entirely linux-excluding.

I HATE BGAs!!!
…and the epoxy is there anyway, for other reasons - as the underfill.

Yes. Things like these make me want to commit a murder or a dozen.

Edit: According to that PDF linked here earlier, the code and the control variables are in a serial flash, which is that SOIC8 chip. This gives us a fighting chance of being able to control it with a Bus Pirate or other device. SOIC8 is also relatively easy to remove and reattach, giving us the ability to work it in a common chip reader (or even GPIO-bitbang it in e.g. a raspi, though directly connecting to SPI would be better).
Also gives us the possibility of making a chip emulator - something that has two ports, one the SPI (I think) for the computer-side operation, one anything else to tell it what to do, and even possibly monitor and log the accesses - good for auditing and honeypotting.
But there will likely be variants in the future that will do away with this. Although I’d be happy if this stays, as it gives us both a degree of additional security without too crippling shackles. Still, a hardware-accessible jumper would be better than this; not everybody has time and skills to work a SPI flash.
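The read-out and "logging emulator" ideas in the post above, as an added example that is not part of the original thread. It models an SOIC-8 SPI NOR flash in software so the host-side routine can be exercised offline; the opcodes 0x9F (JEDEC ID) and 0x03 (READ with a 24-bit address) are the standard SPI NOR commands, while the JEDEC ID bytes, the firmware image contents and the class and function names are constructed for this example. Against real hardware the same `transfer()` framing would be issued through a Bus Pirate, a Raspberry Pi `spidev` device, or a chip reader.

```python
"""Dump an SPI NOR flash and audit what the host touches (constructed example)."""
import hashlib

JEDEC_ID_CMD = 0x9F   # standard: returns manufacturer, type, capacity
READ_CMD = 0x03       # standard: 24-bit address, then data until CS# deasserts

# Constructed stand-in for a firmware image; a real dump would be 4-16 MiB.
FIRMWARE = bytes((i * 7) & 0xFF for i in range(4096))


class SpiFlashEmulator:
    """Software model of an 8-pin SPI flash that also records every CS#-framed
    transaction, i.e. the 'monitor and log the accesses' side of an emulator."""

    def __init__(self, contents: bytes, jedec_id=(0xEF, 0x40, 0x14)):
        self.mem = bytearray(contents)
        self.jedec_id = bytes(jedec_id)   # constructed ID, not a specific vendor claim
        self.log = []                     # (opcode, address or None, byte count)

    def transfer(self, mosi: bytes) -> bytes:
        """Full-duplex exchange: the host clocks out `mosi`, the part returns the
        same number of bytes on MISO. Bytes clocked during the command/address
        phase are don't-care and come back as 0xFF, like a real part; reads past
        the end of the array also return 0xFF (erased state)."""
        if not mosi:
            return b""
        op = mosi[0]
        if op == JEDEC_ID_CMD:
            resp = b"\xff" + self.jedec_id
            self.log.append((op, None, len(mosi) - 1))
        elif op == READ_CMD and len(mosi) >= 4:
            addr = int.from_bytes(mosi[1:4], "big")
            n = len(mosi) - 4
            resp = b"\xff" * 4 + bytes(self.mem[addr:addr + n])
            self.log.append((op, addr, n))
        else:
            resp = b""
            self.log.append((op, None, 0))
        return (resp + b"\xff" * len(mosi))[:len(mosi)]


def read_jedec_id(dev) -> bytes:
    """Identify the part before trusting a dump: a bad clip contact typically
    shows up here as 0xFFFFFF or 0x000000 rather than a sane ID."""
    return dev.transfer(bytes([JEDEC_ID_CMD, 0, 0, 0]))[1:4]


def dump_flash(dev, size: int, chunk: int = 256) -> bytes:
    """Read `size` bytes with sequential READ commands of `chunk` bytes each."""
    out = bytearray()
    for addr in range(0, size, chunk):
        n = min(chunk, size - addr)
        frame = bytes([READ_CMD]) + addr.to_bytes(3, "big") + b"\x00" * n
        out += dev.transfer(frame)[4:]
    return bytes(out)


def verified_dump(dev, size: int) -> bytes:
    """Dump twice and compare digests, the same discipline flashrom applies with
    its verify pass; bit-banged reads over a test clip are not always clean."""
    first, second = dump_flash(dev, size), dump_flash(dev, size)
    if hashlib.sha256(first).digest() != hashlib.sha256(second).digest():
        raise RuntimeError("inconsistent reads; check wiring and clock rate")
    return first


def access_summary(dev) -> dict:
    """Per-opcode byte counts from the emulator log, for auditing which regions
    a host read (or attempted to write) during boot."""
    summary = {}
    for op, _addr, n in dev.log:
        summary[op] = summary.get(op, 0) + n
    return summary


if __name__ == "__main__":
    dev = SpiFlashEmulator(FIRMWARE)
    print("JEDEC ID:", read_jedec_id(dev).hex())
    image = verified_dump(dev, len(FIRMWARE))
    print("dumped", len(image), "bytes, sha256", hashlib.sha256(image).hexdigest()[:16])
    print("access summary:", access_summary(dev))
```

The emulator side is deliberately dumb: it answers only the two read commands and logs everything else as an unknown opcode, which is exactly the trace you would want from a honeypot flash sitting under a firmware you do not trust.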

Notice that it is an option for the desktop version, but not for the mobile version! (Do laptops/tablets count as mobile devices too?)


No, they are only preloaded on machines. You can disable UEFI’s secure boot and run whatever you want.

I don’t know what Minecraft is supposed to do with this.


Which gives me an idea – a BitTorrent server in my waffle iron!

I was thinking of the little drop of epoxy “potting” like on the music chip in a greeting card.

Interesting, and true story, about the “SIM” in your cell phone: (now called a UICC btw)
Its purpose is to authenticate various cryptographic signatures and to generate session keys, in addition to storing your account information (your IMSI) and miscellaneous other stuff. To do this, it has a little low power microcontroller in the UICC itself. Makers of UICCs have diligently worked at intermittent-operation and wear-leveling and such until these little things are fairly sophisticated processors with 16 or 32 bit buses internally. Hundreds of KB of RAM and several MB of flash ROM. A little throw-away computer.

You cannot get the master keys out of a UICC. At least that is the design goal. It might, might, be possible with the cover / potting off the die, to view it under a SEM and read out the keys, but most hackers will not be equipped to do this. And the makers have proprietary algorithms to detect hacking attempts and disable the chip if identified. (of course, the NSA will have served the maker with a demand for the keys but that is for another thread)

I don’t think the motherboard makers have gone this far yet, but it is possible to do quite a bit of obfuscation on a little serial in/out ‘memory’ chip.


So many small low-power SoCs running Linux that it is more than possible! :smiley: Try a raspberry pi or odroid or something like that. Many such toys come in even smaller form factors.

Yup. Used when the vendor is too cheap to use chips with packaging of their own (or is extremely saving weight or so). A bitch to get under. A bitch to reverse-engineer. Many low-end multimeters come with such chips, and they usually are the 7107 dies wirebonded to the board and potted with a resin drop. The more expensive chips usually aren’t mounted in so cheap a way. (I did quite some searching in this area when attempting to find cheap computer-connectible multimeters usable as dataloggers. Some have chips that have the outputs, but don’t have them used.)

UICC. Missed this naming change…

More powerful than they were when I used to play in that sandbox. Logical. Time flies. (Could they be reprogrammed and reused? There must be tons of old SIM cards being thrown out…)

There used to be a vulnerability in some of the algorithms used by older cards. (About 15 years ago or so.) You could hammer the chip with different challenges, and then reconstruct the Ki from the challenge/response pairs. Was useful for cloning cards into more capable chips so the el-cheapo ones from the telcos could also run SIM toolkit apps and so on…

Or they hack or infiltrate the vendor. Who needs terrorists when we have this kind of guardians.

Yup. Hope they won’t go that way anytime soon… Or at least that the chip could be swapped for something more benign.

Threats to user & business data are very real & are, quite literally, growing more serious by the day. In matters of data security (& other areas, to be sure) one can hardly be “too well educated” or “too vigilant”. Unfortunately, “Answering the call for the ever-increasing demands of knowledge & vigilance!” doesn’t feature too prominently in the profiles of many “average American consumers”.

The whole point behind UEFI Secure Boot is to defend machines & data against the types of vulnerability described in Corey’s following article:

Where MS had previously denied OEMs the latitude to ship desktop machines with UEFI activated, with Win10 MS is lifting that OEM restriction, & is in no way mandating that it be locked in.

Like most corporations, Microsoft has a pretty mixed reputation when it comes to placing user security & privacy ahead of all other considerations. It can’t be denied they’ve exposed Windows users to the NSA through Skype, as noted in the article. (It’s not as widely reported that Skype had built in provisions for NSA access well before it was acquired by MS).

Though Corey doesn’t make direct claims of on-going complicity or conspiracy between MS & the Chinese government, readers can certainly be excused for perceiving certain passages as inferences to such a possibility.

I’m not making any apologies for MS; they’re big boys & girls, fully capable of speaking for themselves.

Especially on questions of privacy & data security, I begin from a point of decided skepticism; toward MS & Apple, any software, any hardware, any wireless carrier, any ISP & any data services provider like Google. I want to know who will do the most to help me block malicious criminal attack & malicious LEO surveillance, (which is also usually criminal).

It’s 2015 & still too little is being done across the board to ensure user security. Solid skepticism is wholly justified & entirely reasonable: a reflexive attitude of “MS = everything evil & should die in fire” … eh, not so much.

Despite not knowing that UEFI even exists or what it does, if most among the clueless masses purchase a machine locked down with UEFI they’ll almost certainly be the safer for it. Personally, I like to understand as much as I can & want to exercise as much individual control over my kit as I can. It’s definitely important to know about this & it may well have been better prepared/implemented. But nothing about this MS policy change eliminates the choices available to anyone who cares enough to know that they even have these choices.


No, they’re only gradually inching up on only allowing people with valid Apple Developer certificates who sell their apps through the Apple App Store to install software on your OS X machines. You already have to override a default system security setting (and ignore warnings) to run third party unsigned apps. I noticed that the last time I got an OS X 10 big update that it reset my setting to default and I had to go change it back too. Apple wants OS X applications to be as locked down as iOS, presumably so they can get their 30% of your purchase fee.

Explain how, in the real world for normal consumers, this “ends Windows.” They’ll buy their Dell computer (or Asus) the same as always.


Then you need a support group because you were clearly abused by someone at some point and are engaging in self-cutting behavior.


Far as I know, you have to throw them out. There may be a master “factory” password and secret handshake to reprogram it, but for security reasons, it’s hard to obtain. From some vendors you can obtain blank, virgin chips and instructions to download to them (though I haven’t explored this avenue).
Toss 'em in your junk box for a future gold recovery project.
(In my work life I swim in a sea of the stupid things. Mostly only test chips for use in the lab and not on a live network. These have a phony encryption protocol and well-known keys (except the factory key mentioned above).)

That’s the quickest way to trigger it to self-destruct. Ten thousand challenges (or something, don’t know the exact number) and the anti-tampering firmware is triggered. You will have to at least throw in some status updates or something between the challenges.

One of the interesting features they’ve started to roll out is credit card / banking in your phone. SIM Toolkit application. Just run the same algorithm as a “chip and pin” credit card, and communicate with NFC. (I’m not rushing out to get that feature for myself just yet, but it’s coming.) The biggest barrier to implementation was who controls the SIM Toolkit “real estate” in which this takes place: the banks, the carrier, or the UICC vendor?

Another STK app is the new whiz-bang “VoLTE” calling protocol. The UICC does the authentication steps and stores user identity for SIP communication. That app is wholly owned by the carrier, like the IMSI.

I suggested a Bitcoin wallet app, but that suggestion died like a fart in the elevator.

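The challenge/response harvesting described a few posts up (collect RAND/SRES pairs to recover Ki) and the anti-tamper counter described in the reply (hammer the card and it disables itself; interleave other traffic and it does not) as an added example, not code from anyone in the thread. The card is a software model: HMAC-SHA256 keyed with Ki stands in for the carrier's authentication algorithm (the real one is a COMP128-family or Milenage function; the substitution is an assumption of this example), the 4-byte SRES and 8-byte Kc match GSM's output sizes, and the threshold, key, IMSI and function names are constructed. The example goes one step beyond the post: it also shows a counter that is never reset by unrelated commands, which the pacing trick does not get around.

```python
"""Toy UICC with a challenge-hammering tripwire (constructed example)."""
import hashlib
import hmac

# Constructed test key and IMSI; real Ki never leaves the card.
KI = bytes(range(16))
IMSI = "001010123456789"


class CardDisabled(Exception):
    """Raised once the card's anti-tamper logic has zeroised Ki."""


class ToyUicc:
    """Minimal SIM model: RUN GSM ALGORITHM plus a status command.

    `limit` is how many back-to-back authentications are tolerated; the post
    quotes roughly ten thousand, here it is a parameter. With `lifetime=False`
    any non-authentication command resets the counter, as the post describes.
    With `lifetime=True` the counter only ever grows, so pacing does not help."""

    def __init__(self, ki: bytes, imsi: str, limit: int = 10000, lifetime: bool = False):
        self._ki = ki
        self.imsi = imsi
        self.limit = limit
        self.lifetime = lifetime
        self._auth_count = 0
        self.disabled = False

    def _check_alive(self):
        if self.disabled:
            raise CardDisabled("card has zeroised its keys")

    def status(self) -> str:
        """Any ordinary APDU, e.g. reading the IMSI. Resets the counter unless
        the card keeps a lifetime counter."""
        self._check_alive()
        if not self.lifetime:
            self._auth_count = 0
        return self.imsi

    def run_gsm_algorithm(self, rand: bytes):
        """Return (SRES, Kc) for a 16-byte RAND, or trip the tamper logic."""
        self._check_alive()
        if len(rand) != 16:
            raise ValueError("RAND must be 16 bytes")
        self._auth_count += 1
        if self._auth_count > self.limit:
            self.disabled = True
            self._ki = None          # key material gone for good
            raise CardDisabled("anti-tamper tripped")
        digest = hmac.new(self._ki, rand, hashlib.sha256).digest()
        return digest[:4], digest[4:12]


def make_rand(i: int) -> bytes:
    """Deterministic 16-byte challenge so the harvest is reproducible."""
    return hashlib.sha256(i.to_bytes(4, "big")).digest()[:16]


def harvest(card: ToyUicc, n: int, status_every: int = 0):
    """Collect (RAND, SRES) pairs. With status_every > 0 a status command is
    interleaved every that many challenges, the 'throw in some status
    updates' approach from the post. Stops when the card disables itself."""
    pairs = []
    try:
        for i in range(n):
            if status_every and i % status_every == 0:
                card.status()
            rand = make_rand(i)
            sres, _kc = card.run_gsm_algorithm(rand)
            pairs.append((rand, sres))
    except CardDisabled:
        pass
    return pairs


if __name__ == "__main__":
    naive = harvest(ToyUicc(KI, IMSI, limit=50), 200)
    paced = harvest(ToyUicc(KI, IMSI, limit=50), 200, status_every=25)
    hardened = harvest(ToyUicc(KI, IMSI, limit=50, lifetime=True), 200, status_every=25)
    print("naive hammer  :", len(naive), "pairs before the card died")
    print("paced, resets :", len(paced), "pairs")
    print("paced, lifetime counter:", len(hardened), "pairs before the card died")
```

A counter that clears on any other command is a rate limit, not a budget: it slows an attacker down to the pace of legitimate-looking traffic but does not bound how many pairs they collect. The lifetime variant bounds the total, at the cost of eventually bricking a card that is simply used a lot, which is the trade-off a card vendor has to pick.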

Which is why after updating from MacOS 10.6 to 10.10 I scrapped 10.10. My final selection was replacing it with either Mint or Dragonfly, opting for the former by a narrow margin. The app store is horrific and there have been too many problems with Apple circumventing the administration of my own systems.

Firstly, as an OS X user, you are using BSD. Secondly, most people who cut themselves apparently know more about what they are doing than you do.

No, I’m using OS X. It just happens to be ultimately derived from BSD, for some values of “derived.” Don’t confuse classic BSD with what’s going on in OS X (or OS X with the abomination of FreeBSD).

It’s possible they also want to protect people from scams and the like. I was in the Apple Store a couple of weeks ago and one of the other guys at the Genius Bar had somehow installed MacKeeper, who remotely logged onto his computer, installed some crap, and were trying to tell him he needed to pay $300 to clean up his computer, on the basis that he had “a lot of processes running.” I opened up Activity Monitor on an Apple Store computer to show him how many are always running.

Windows used to be ridiculed for its useless authentication process (just click “OK” without entering a password or anything), and this seems like just another layer in locking things down (in multiple senses of the term, I suppose).

Installing/opening an unverified app isn’t that hard, but it’s hard enough that those who can’t Google it or understand how to launch from the context menu are protected from themselves a bit more.


Not quite. The proprietary parts of OS X are not derived from BSD, they exist in an increasingly separate filespace. It’s not like they started with something BSD and developed it into something else, analogous to how the current desktop environment was derived from YellowBox. The BSD is all still there, running in the background, slightly more crippled with each release.

Why, what do you think is going on?


ZZZZzzzzzzzzzzzz

lack of caring about this tangent

Protecting the user from themselves is pretty crass. They are the system administrator, and should be helped rather than hindered. Making the vendor your admin is one way to strive for security, but it’s arguably not the most secure. And paradoxically, people seem to trust big tech companies less than ever. It seems rather conflicted, and a case of, as Chomsky put it, “manufacturing consent”.


People don’t trust Dell? Or did you mean “big tech companies” that don’t make hardware? Apple is the outlier here.

It’s not “what I mean”, it’s what people tell me, which doesn’t often get into much detail. I take this to mean OS developers who make real administration impossible, hardware manufacturers who get pushed into providing backdoors, communications software developers who get pushed into providing backdoors, web companies who track people, data mining companies who sell info about users to others. Tick off whatever boxes you like for any given company.

It still sounds like you are striving for a populist “me versus reality” argument here. I have been a long time Apple user, and I have my reasons for finding their approach to development and marketing to be crass. And no, it is not “just me”.