• About
• Latest Posts

Jonathon Hall

Latest posts by Jonathon Hall (see all)

• Purism’s PureBoot is Not Affected by UEFI Key Leaks (Again) - July 29, 2024
• From the Hackdesk: Librem 16 - May 30, 2024
• Unexplained Potatoes - April 22, 2024

No Central Signing Keys in PureBoot

As Ars Technica, Binarly, and others have reported, UEFI Secure Boot on at least 200 device models from at least 5 major vendors is completely compromised by the leak of their Platform Key.  We’ve discussed Secure Boot insecurity before, and it is unlikely that these devices will ever see updates addressing this problem.

PureBoot is immune to this type of compromise because it does not have centralized signing keys. You do not delegate your security to an authority in PureBoot – you are in control.  If your key becomes compromised, you can rotate to a new key at any time.

This Sounds Familiar

If this sounds familiar to you, it’s because it is.  Last year, MSI’s keys used for Boot Guard were leaked (again reported by Binarly and Ars Technica).  Again, this completely compromises UEFI Secure Boot.  With this key, an attacker can sign altered firmware as if it had come from MSI.  Boot Guard Keys are only programmable once while the system is in manufacturing mode, so there is no way to change them.  Those keys are a permanent part of the CPU or PCH.

Second verse, same as the first (with apologies to Herman’s Hermits.)

The Platform Key is, in simple terms, a link in the chain just after the Boot Guard key.  There are several links between the Boot Guard root in the hardware and a signed operating system.  All of those links must hold up for Secure Boot to be secure.  Compromising the Platform Key has the same result.  With this key, an attacker can sign altered firmware as if it had come from the vendor.

Vendors have no way to revoke or replace these keys.  Revocation lists only exist for later links in the chain, and even then, they are not effective.  An attacker with the ability to alter the installed operating system can often alter firmware too, so they could simply revert to the old, vulnerable firmware.  Vendors rarely revoke keys in practice, because doing so would cause widespread breakage for users that hadn’t updated their operating system yet.

Systemic Problems Require Systemic Solutions

UEFI Secure Boot has a long history of failures.  This isn’t a series of independent problems; it’s the inevitable result of a system using centralized signing keys.

To do better, we must eliminate centralized signing keys. You, or your IT team, should be in control of your signing keys, not a large centralized third-party vendor. PureBoot uses a signing key controlled by you and stored on your Librem Key.  If you purchase a Purism device with the PureBoot Bundle or anti-interdiction, we prepare an individual signing key for you, which you then can replace with your own key upon receiving the device.

Purism Products and Availability Chart

	Model	Status	Lead Time
	Librem Key (Made in USA)	In Stock ($59+)	10 business days	Learn More Buy Now
	Librem 5	In Stock ($699+) 3GB/32GB	10 business days	Learn More Buy Now
	Librem 5 COMSEC Bundle	In Stock ($1299+) Qty 2; 3GB/32GB	10 business days	Learn More Buy Now
	Liberty Phone (Made in USA Electronics)	Backorder ($1,999+) 4GB/128GB	Estimated delivery date pending	Learn More Buy Now
	Librem 5 + SIMple (3 GB Data)	In Stock ($99/mo)	10 business days	Learn More Buy Now
	Librem 5 + SIMple Plus (5 GB Data)	In Stock ($129/mo)	10 business days	Learn More Buy Now
	Librem 5 + AweSIM (Unlimited Data)	In Stock ($169/mo)	10 business days	Learn More Buy Now
	Librem 11	In Stock ($999+) 8GB/1TB	10 business days	Learn More Buy Now
	Librem 14	Backorder ($1,370+)	Estimated delivery date pending	Learn More Buy Now
	Librem Mini	Backorder ($799+)	Estimated delivery mid-October	Learn More Buy Now
	Librem Server	In Stock ($2,999+)	45 business days	Learn More Buy Now