Article 1Q7H9 Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open (Ars Technica)

by jake from LWN.net (#1Q7H9)
Ars Technica is reporting on a mistake by Microsoft that resulted in providing a "golden key" to circumvent Secure Boot. The "key" is not really a key at all, but a debugging tool that was inadvertently left in some versions of Windows devices and was found by two security researchers; the details were released on a "rather funky website" (viewing the source of that page is a good way to avoid the visual and audio funkiness). "The key basically allows anyone to bypass the provisions Microsoft has put in place ostensibly to prevent malicious versions of Windows from being installed, on any device running Windows 8.1 and upwards with Secure Boot enabled. And while this means that enterprising users will be able to install any operating system - Linux, for instance - on their Windows tablet, it also allows bad actors with physical access to a machine to install bootkits and rootkits at deep levels. Worse, according to the security researchers who found the keys, this is a decision Microsoft may be unable to reverse." As the researchers note, this is a perfect example of why backdoors (legally mandated or not) in cryptographic systems are a bad idea.

Update: For some more detail, see Matthew Garrett's blog post.
