The scenario outlined is not a security vulnerability and does not pose a threat to Windows RT users. The mechanism described is not something the average user could, or reasonably would, leverage, as it requires local access to a system, local administration rights and a debugger in order to work. In addition, the Windows Store is the only supported method for customers to install applications for Windows RT. There are mechanisms in place to scan for security threats and help ensure apps from the Store are legitimate and can be acquired and used with confidence.
We applaud the ingenuity of the folks who worked this out and the hard work they did to document it. We’ll not guarantee these approaches will be there in future releases.
For those who prefer do-it-for-me solutions, with the ability to roll back, have a pair of .REG files. The "Default" one I taken from my Surface before applying this tweak. The "Disabled" one sets the reg value as above.
@clrokr: We gotta get you a RD tag, pronto! You're doing great things.
@clrokr: We gotta get you a RD tag, pronto! You're doing great things.
Seconded.
As far as MS's quote goes, I'm not 100% sure they will be setting out to patch it, but it's still a good idea to disable Windows Update anyways. They may be able to store some sort of cert blacklist in the UEFI that will block the executables required for this, even after a reinstall.
Don't PM me for help, post on the forums. I don't care if you don't have the 10 posts to post in a developer section, I won't respond to basic questions.
I wrote and maintain the jailbreak scripts for Windows RT.
Tablet: Microsoft Surface RT 32GB, Type Keyboard
Phone: Nokia Lumia 920
whats the difference between uefi,efi and firmware?
I find bootmgfw.efi,winload.efi in bcdedit.and I find surfacertuefi.bin in c:\windows\firmware.and every time I reinstall windows,there is a firmware in windows update.so is there anything flash into the surface hardware from window update?I think the uefi is just a file in the filesystem and its recovered when I reinstall windows from usb.
whats the difference between uefi,efi and firmware?
I find bootmgfw.efi,winload.efi in bcdedit.and I find surfacertuefi.bin in c:\windows\firmware.and every time I reinstall windows,there is a firmware in windows update.so is there anything flash into the surface hardware from window update?I think the uefi is just a file in the filesystem and its recovered when I reinstall windows from usb.
No, the firmware (stored on-chip) is what you find in SurfaceRTUEFI.bin. The .EFI files are executables that can be loaded by this firmware if they are signed correctly.
Note: just because automatic updates are disabled doesn't mean you should ignore Windows Update. Quite the opposite, in fact, since this hack makes malicious exploits easier too. Just be very careful which patches you install.
No, the firmware (stored on-chip) is what you find in SurfaceRTUEFI.bin. The .EFI files are executables that can be loaded by this firmware if they are signed correctly.
so uefi is checking efi ,but whats checking uefi?what will happen if we flash a modified uefi?
so uefi is checking efi ,but whats checking uefi?what will happen if we flash a modified uefi?
The UEFI is currently the only thing capable of flashing a new UEFI, and it checks the signatures on any new UEFIs it flashes.
The only real way you could do it without relying on a signature check would be to open the tablet and solder onto the NAND directly.
Don't PM me for help, post on the forums. I don't care if you don't have the 10 posts to post in a developer section, I won't respond to basic questions.
I wrote and maintain the jailbreak scripts for Windows RT.
Tablet: Microsoft Surface RT 32GB, Type Keyboard
Phone: Nokia Lumia 920
Oh, there might be a JTAG port you could use... but yeah. Short of opening up the device (which the Surface, at least, is definitely not designed to support) there's not supposed to be any way to flash an unsigned firmware.
Also, the signature keys are probably stored in a TPM, so mucking with them isn't a practical option either if the EFI doesn't have a way to do it (which it doesn't).
Not too long ago, we talked about how Sony was continuing its AOSP efforts on … more
XDA Developers was founded by developers, for developers. It is now a valuable resource for people who want to make the most of their mobile devices, from customizing the look and feel to adding new functionality. Are you a developer?
Introducing XDA:DevCon – A Conference For Developers By Developers
>
[PSA] Disable Automatic Updates (Howto included)
Print
Email
[PSA] Disable Automatic Updates (Howto included)
View Profile
View Forum Posts
Linear Mode
