LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-30-2017, 02:57 AM   #1
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Rep: Reputation: 57
If you disable Secure Boot, is UEFI still more secure than BIOS boot?


Got a system with Secure Boot enabled by default and just discovered there is a way to disable Secure Boot in the settings, which is needed to install some distros. Paradoxically some security-oriented ones like tails need Secure Boot to be disabled. In any distro there is always the possibility that the system gets infected or pawned temporarily or even permanently depending on what you do with it.

If Secure Boot is disabled, how does UEFI compare to BIOS in terms of security and security only? Just as bad?

Last edited by Ulysses_; 05-30-2017 at 10:19 AM.
 
Old 05-30-2017, 05:45 AM   #2
smallpond
Senior Member
 
Registered: Feb 2011
Location: Massachusetts, USA
Distribution: CentOS 7
Posts: 3,533

Rep: Reputation: 974Reputation: 974Reputation: 974Reputation: 974Reputation: 974Reputation: 974Reputation: 974Reputation: 974
Only thing that comes to mind is that BIOS settings can't be modified by software without special tools from the vendor. UEFI variables can be.
 
Old 05-30-2017, 06:47 AM   #3
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187
The concept behind "secure boot" is simply that a rogue night-operator can't easily reboot your hardware with nothing more than a USB-stick of his own making. But UEFI also assumes that the rogue night-op can't reach the firmware settings either.

In reality, the firmware of most systems has been reverse-engineered to the point where the settings necessary to disable (and then, re-enable) UEFI are well known, and the switch can be flipped (so to speak) without ever touching the firmware screens.

But it was such a nice idea . . .
 
Old 05-30-2017, 08:14 AM   #4
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
So an install of ubuntu plus the necessary software can flip the switch for Secure Boot with an assembler instruction?

Would that instruction be a write to memory or an output to an i/o port?
 
Old 05-30-2017, 10:08 AM   #5
cwizardone
LQ Veteran
 
Registered: Feb 2007
Distribution: Slackware64-current with "True Multilib."
Posts: 6,492
Blog Entries: 1

Rep: Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845Reputation: 3845
Quote:
Originally Posted by Ulysses_ View Post
EDIT: Someone please fix the title, it's Secure Boot, not Secure Mode......
As the original author of the thread you should be able to go into advance edit and
change the title. It depends on how long it has been since you started the thread.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
New Laptops that allow one to install Linux ie Allowed to disable Secure Boot and UEFI robertdaleweir Linux - Hardware 6 09-07-2016 11:27 PM
[SOLVED] Secure boot and UEFI edencorbin Linux - Software 14 06-18-2016 02:33 AM
disabling secure boot when secure boot is not an option in BIOS? chexmix Slackware 10 05-28-2015 06:13 PM
Boot Ubuntu 14.04 64bit with greyed out Secure Boot disable option in BIOS? hanspeterii Linux - Newbie 9 05-04-2014 02:32 PM
LXer: UEFI Secure Boot LXer Syndicated Linux News 0 06-06-2012 09:40 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 12:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration