Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security

Isn't it good? Does leaked key mean that now owners of hardware will be able to read and modify the firmware, including IME, and check it for backdoors?

Such keys should be in the hands of users, not Intel.

If there was something to leak, it was always going to. Just a matter of when. Pretending otherwise is just security theater.

Yeah, don't depend on a permanent global conspiracy for your security. Someone always defects and accidents often happen long before that.

It is not a conspiracy. Just like the iOS App Store it is for your own protection. There is no legitimate reason to run your own software on general purpose computing hardware.

/s I hope. ;)

Pfft, keys, schmeys. Real security is built on handshakes and backroom deals, not strong encryption.

Realistically it means a lot more people are going to cheat in Valorant.

Is everything that is gong to fail eventually just useless theater? Like new cars Re just transport theater because they will have to be junked eventually?

I agree that master private keys are bad security design, and we can and should do better. I'm just not willing to say that all past security value is retroactively nullified. That feels polemic more than realistic.

Doesn't really matter /a or not, it's a ridiculously reductive and extremist position either way.

Security is about tradeoffs, most notably security vs convenience, but also many others.

Anyone who suggests that their personal preferences in tradeoffs are not just universally correct but also the only reasonable position to hold is just silly.

That’s the same argument that people use to support the second amendment (the people’s right to bear arms)

I've read a lot of anti cheat RE in the past, seems like the cheater/modder people have found their way to the infosec community, can you elaborate on how this would accelerate Valorant cheating. Is their watchguard thing using some Intel feature?

There's a difference between temporary security and security theater.

Real but temporary security -> This 2048 bit key you generated will be commercial grade protection until at least 2030. Sometime after that computers will be strong enough to brute force it. Do not store anything with this key that will still be highly sensitive in 7 years. It's possible the underlying algorithm is cracked, or a leap in quantum computers happen that will make the key obsolete sooner.

Security theater -> All software running on this chip must be signed with our master key. Please trust all software we sign with this key, and no malicious party will have access to it. You are not allowed to run arbitrary software on your hardware because it is not signed with our key.

In the first case, the security is real. You own the lock, you own the key, and you control the entire security process. In the second case, you neither own the lock, the key, and basically have limited access to your own hardware.

What's the cryptographic definition of a "backroom deal"? Can I do it with Ed25519?

Yeah, it is puzzling that the key was able to be leaked in the first place. The key should have been in an HSM.

Hey, the second amendment says the right to bear arms shall not be infringed, it doesn't say it exists!

Oh no! Here, please, backdoor my OS with a kernel anticheat -- anything that saves me from cheaters in the current bideo game of the month! D:

Their anti cheat is a kernel level driver and requires secure boot to make sure it loads before anything could potentially tamper with the system.

Didn't get it

Wanting to play competitive games without cheaters is something that real users actually want and they get real value from. Your mockery of these people doesn't remove the value they get from being able to play without cheaters.

Doesn't it only require secure boot on Windows 11? For now you can get around that requirement by simply staying on Windows 10, until they retire support for that.

Riot anti cheat is quite invasive but Valorant is a competitive ranked first person shooter, allowing cheaters violates the integrity of any ranking system of players, and that ranking system is one of the primary appeals of the game.

I honestly don't understand why people act like this. Wanting to be able to ensure firmware isn't maliciously modified is a good thing. Open firmware is also a good idea obviously but there has to be a way to ensure firmware is signed either by OEM or your own keys like secure boot.

As for games, lots of people play games and want good anticheat. If you don't like that you don't have to play those games but no need to act like the way you are because other people want decent anticheat.

Absolutely. My first thought was 'ah now I can modify my BIOS the way I want it'.

You are correct. Secure boot is not required to play valorant on windows 10.

Yes, the mandatory TPM and secure boot only applies to Windows 11. I'm sure they're eager to drop Windows 10 support as soon as they're able to.

Same thing with Samsung and their key leak.

Part of the blame, imo, lies with how clunky tools are at the lower levels. I've seen plenty of hardware based signing protocols that don't allow for key hierarchies.

Higher level tools push this along as well. Hashicorp Vault also, last I checked, doesn't allow for being a front end to an HSM. You can store the master unlock key for a Vault in an HSM, but all of the keys Vault works with will still be in Vault, in memory.

So don't play the game. Personally I want kernel level anticheats because they make it much harder to cheat in the game. I want to know that my opponents are not cheaters. That's something I don't have in CS:GO, a game ripe with cheaters, or TF2, a game ripe with bots. (Valve's usermode anticheat is absolutely useless)

Is there any tutorial that I can learn to do it? Should I Google "dump Intel firmware" or some other more specific ones? I'm going to do some research after going through my training this afternoon.

Yet it's still pretty dang easy to bypass VGK and cheat in Valorant if you even slightly know what you're doing. Now you have the worst of both worlds. In theory, Valve's VACnet and Trust Factor are the ideal solutions, but in practice... not so much.

How is VAC the ideal solution? It is weak even in theory.

>honestly don't understand why people act like this.

Because it’s social pressure to compromise your computer to a gaming company to get to play a game.

People don’t care about the anticheat on their computer, they want it foisted on everyone else who plays, which is a sucky proposition for privacy and security minded people.

It’s like advocating for the TSA to be controlling access to the grocery store because you want to feel safe there and don’t mind the privacy violation.

>to compromise your computer

What do you mean by this? As the user you are intending to have the game and its anticheat run. Having to download and run a game on your computer isn't compromising your computer either. Maybe the only thing which doesn't give the game company power to run potentially malicious code on your machine is cloud gaming. That also solves the cheating problem at least.

No, but you can with the curves that the NSA proposed to NIST.

Nothing's prevented you from reading the firmware - this is a signing key, not an encryption key. Multiple people have spent time reverse engineering the ME firmware, people have found bugs but no evidence of a backdoor.

> As for games, lots of people play games and want good anticheat

Great, let's install a backdoor in every computer so that some people can play games and watch movies. No. Computer is a thing for computing numbers not a replacement for a TV.

>People don’t care about the anticheat on their computer, they want it foisted on everyone else who plays, which is a sucky proposition for privacy and security minded people.

No they want games without hackers. Which kernel based anticheats helps with. Can it also impact privacy and security? Yes no doubt but so can any program running on the computer even in userspace. Remember we are talking about kernel anticheats on windows lol.

If you are really worried about it you could dual boot like many people. Either way this whole argument seems silly to me.

1. It doesn't actually work.

2. All it actually does is keep users trapped in Windows. God forbid anyone actually use Linux, or even a VM!

The only actually effective anti-cheat is the original: moderation.

Now that users aren't able to host their own servers, they can't do moderation. Game studios don't want to do moderation themselves, so they keep trying (and failing) to replace it with automated anticheat systems.

Make every player pay a deposit which is confiscated when they get caught cheating. Make servers with different deposit levels, so that people who really care about cheating pay over $1000 for example.

Better than having keys which I cannot control on my computer. And I don't play games anyway.

Having encryption, keys and software that I cannot control because game makers and copyright owners want more profit is ridiculous.

"keep and bear" :^)

VACnet, not VAC. Server-side ML model analyzing player actions influencing their Trust Factor (or just straight up banning in more egregious cases).

I can't take people like you seriously. The anticheat isn't a backdoor. It doesn't ship with the operating system or come preinstalled in anyway. You opt into it when you play the game. Literally nothing is forcing you to use it or have it installed on your computer.

I understand this is the internet and being super dramatic is part of it but can we please be for real for one moment?

HSMs are not secure to sustained competent hardware attacks. This should have been on an HSM in multiple secure a signing service facilities with authenticated access and never handed to an OEM of any kind in any form.

Again. You are ignoring that users gain real value from this. The reason why copyright owners are making more profit is because user's are finding value in their product and they are being given what they want.

I love this comment, thank for such a good laugh.

I really hope no one would ever think this non sarcastically.

I meant things like Microsoft's signing keys embedded inside BIOS, Microsoft Pluton CPU, secure enclaves inside CPU (now deprecated though) and things made for Secure Boot and DRM.

> Yeah, don't depend on a permanent global conspiracy for your security. Someone always defects and accidents often happen long before that.

But then we still also have things like Crypto AG.

It's extremist but unfortunately also an opinion that seems to be nonsarcastically becoming more popular.

You say “no” but then repeat what I said worded differently. When the current market for “games without hackers” is filled with kernel modules, it sucks.

Do you think the 30+ years of user-space isolation improvements that have gone into modern OSes are not undone by a kernel module?

The whole point of a kernel level anticheat in that it can bypass the isolation to find cheats.

The isolation still exists for normal programs when the anticheat is present.

> I honestly don't understand why people act like this.

Good anticheat? Just play with people you know instead of random strangers. Thats your anticheat right there.

If they care that much make them pay for it.

You're advocating for installing a kernel module that you don't even know what it does exactly when running a random game.

Would you also support a full cavity search each time you decide to fly a plane?

The kernel module has full access to your hardware, you don't know what it does exactly. You don't even know if it does something more than anticheat.

People got so complacent in recent years, and this is on a technology forum no less. I guess today the Sony rootkit[1] would be totally acceptable.

[1] https://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootk...

Sure, isolation exists except for Riot Games (and any other company that adds similar mandatory modules, which eventually will be all). Oh yeah, assuming there also won't be any vulnerabilities, but that's impossible, because we all know about the high quality software coming from gaming industry.

Or allow people running their own gaming servers that they can moderate. Solves cheating problem and when gaming company stops supporting their online game or goes out of business.

> Wanting to be able to ensure firmware isn't maliciously modified is a good thing.

I'm not sure it's a good thing at its core. The intent seems legit on the surface, but digging into the implementation you'll always end up having an adversarial relation with your user's security and device ownership.

On games, I kinda see this as an argument for preserving a special status for consoles, where the maker keep a right to secure everything to insane levels. Doing the same on general purpose computing platform isn't acceptable. Banking and digital currencies are morr of a blurry line, but games definitely shouldn't be accessing the utter most secure system of the platform.

If anything, opening the door to a whole community to hack the base security of your computing life when litteral life and death applications also rely on those shouldn't be allowed.

The trick is seeing different personas rather than just "you".

IT admins are thrilled to have limited access to their own hardware, as long as adversaries do too.

In corporate IT, the greatest fear is insider attacks, either knowing or because statistically some users will inevitably make mistakes. Secure boot is fantastic in this context, even if it feels like an unreasonably impingement to gamers / tech enthusiasts.

Yeah, right. Wait until the day when iOS App Store infra keys leak.

Oh no! That will never happen. Because it runs on Apple M1 kryptonite chip that even Superman can't touch. /s

Why did hosting your own server stop being a thing?

This rings more true than many would want to accept: Most people view and use computers as household appliances; they just use whatever is installed on it and if it breaks they go out and buy a new one.

For most people there are, in fact, no legitimate reasons to run "their own" software on "general purpose" (read: household appliance) computing hardware. Almost nobody runs custom software on their washing machine or toaster.

What's wrong with people being upset that in order to play the game they have to install low level kernel modules? It's flawed software that hits an ant with a sledgehammer. Adding to injury, tons of reports online of people getting BSODs and other security features not working while the module is enabled. It's invasive and it's silly to be as dismissive as you are around peoples' concerns.

https://www.reddit.com/r/riotgames/comments/12wr2hz/kernelmo...

https://www.reddit.com/r/ValorantTechSupport/comments/kfxy9a...

>You're advocating for installing a kernel module that you don't even know what it does exactly when running a random game.

You don't know what the game will do either. It requires trusting Riot even if there isn't an anticheat.

Also most users will never know what the other kernel level drivers do.

>Would you also support a full cavity search each time you decide to fly a plane?

I don't see how this is related?

>The kernel module has full access to your hardware, you don't know what it does exactly.

The same can be said about any other kernel level driver and even about Windows itself.

>People got so complacent in recent years, and this is on a technology forum no less.

What Riot wants to do is not possible with a user level anticheat. Once Windows eventually gets its security improved such that apps can query the integrity of the system Riot would likely be able to get away with a less privileged anticheat.

>I guess today the Sony rootkit[1] would be totally acceptable.

If it didn't try and hide itself I would agree with you.

They are by purchasing skins.

This here. Cheaters will always find ways to cheat. Theres already cheats that run on completely separate machine so they cant be detected. Legimate customers keep getting screwed.

What do you mean? It also says that states should have militias or something, but I didn't feel that was relevant.

Because people prefer to pay 10x as much to have apple/google/etc host it for them. It's still a thing for people who know what they're doing and the experience is vastly better and more private and secure.

It's worth reminding that we already had a solution to the games with hackers problem: smaller community-run servers where people can get to know each other. But game companies want the centralized model so that they can stay in control of how the game is used to continuously monetize it and to forcefully retire it once they want to push a newer one.

Hackers are mainly only problem for anonymous ranked matchmaking. That's not to say cheaters don't exist without it but they are a) much less disruptive b) have much smaller reach and therefore c) are less motivated.

Like most ills being used to push anti-user technology, cheating is primarily a problem created by the industry itself.

Game companies want the centralized model so that they can stay in control of how the game is used to continuously monetize it and to forcefully retire it once they want to push a newer one.

But how will this provide the game company with continous revenue streams from selling you database entries that you can show of to complete strangers.

It's a bit of a stretch, but maybe we as a society should be considering the social pressure as being the problem. Why do we allow ourselves to be 'controlled' in this way by others? Especially young people? If we could learn to move past this?