Secure Startup: Microsoft in Your Motherboard
By: Developer Shed
    2005-06-01

    Secure Startup: Microsoft in Your Motherboard - What Secure Startup Does


    (Page 2 of 4)

    Well, much as the name would indicate, Secure Startup allows a computer to monitor its own boot-up sequence. This seems mostly focused on preventing tampering when the computer is not running. Most people understand that their Windows XP log-on password is a pretty feeble security measure (though definitely more of an obstacle than the old Windows 98 ones).

    If somebody has physical access to your computer, there are a few ways to very easily get data off the hard drive. The whole issue of booting Windows could be easily circumvented by taking the drive out and placing it in another computer. By starting up this other system, the stolen drive will be detected as a secondary drive and will be accessible. Non-encrypted files on it will be available for anyone to open and edit.

    Microsoft is kind of vague on the details of how Secure Startup will prevent this. From their releases, it looks like Windows will encrypt its whole disk or partition using a SYSKEY (a keycode stored on the TPM) as it is shutting down. Then, according to Microsoft, "During the boot process, the keys that unlock the encrypted Windows partition are only released from the TPM once the booting operating system veracity has been established." So, if the hard drive is started on the correct computer, something will establish that the operating system is correct (they are really unclear as to what will determine this). Afterwards, Windows will unlock itself when the TPM sends it the correct SYSKEY.

    If the drive is started in another computer, there will either be no TPM or the TPM will have an incorrect SYSKEY. Windows will not unlock, and the system will not boot. If the Secure Startup drive is secondary to another drive (the workaround mentioned above that allows access to data without a log-in), it will not unlock because it will either receive no SYSKEY or receive the wrong one. To a user who is denied access, it will probably look like an empty, unformatted drive, as encrypted drives often look when not properly opened.

    Another easy way to access data on a hard drive without Secure Startup is to throw a bootable disk in the machine, such as a Linux Live CD. The system will start another operating system in the boot sequence, and it will detect the Windows drive. Again, that drive will then be wide open for anyone to view and change non-encrypted files. There are also less simplistic ways to gain access to Windows using tools that reveal system keys and allow a login.

    Secure Startup will use a similar principle to prevent these kinds of compromises. Take the example of using a Linux boot disk. As the Linux system starts, the hardware may try to negotiate with it. Operating system veracity will not be established, since the machine is not booting the expected Windows, so the TPM will not send the SYSKEY. The Windows drive will not be able to unlock, and Linux will not find or reveal the Windows partition.
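
    TPMs in general can decide whether to release a key by "measuring" each boot component into a register that software can only extend, then handing over a sealed secret only if the register ends at the expected value. The sketch below is an added example, not code from Microsoft or from the original article, and it assumes Secure Startup relies on that measure-and-seal mechanism; ToyTPM, the boot chains and the key are constructed for illustration, and SHA-256 stands in for the SHA-1 used by TPM 1.2 hardware.

```python
import hashlib
import hmac

class ToyTPM:
    """Simplified model of a TPM: one PCR that can only be reset or extended."""

    def __init__(self):
        self.pcr = bytes(32)      # PCR is all zeros after power-on
        self._sealed = None       # (secret, PCR value required to release it)

    def power_on(self):
        self.pcr = bytes(32)

    def extend(self, component: bytes):
        # Software cannot write the PCR directly; it can only fold a new
        # measurement into it: PCR = H(PCR || H(component)).
        digest = hashlib.sha256(component).digest()
        self.pcr = hashlib.sha256(self.pcr + digest).digest()

    def seal(self, secret: bytes):
        # Bind the secret to the PCR value of the boot that is running now.
        self._sealed = (secret, self.pcr)

    def unseal(self):
        if self._sealed is None:
            return None           # a different machine's TPM holds no key
        secret, required = self._sealed
        return secret if hmac.compare_digest(self.pcr, required) else None

def boot(tpm, chain):
    """Power on, measure each boot component in order, then ask for the key."""
    tpm.power_on()
    for component in chain:
        tpm.extend(component)
    return tpm.unseal()

# Constructed sample boot chains (byte strings stand in for real images).
WINDOWS = [b"bios-v1", b"windows-bootloader", b"windows-kernel"]
LIVE_CD = [b"bios-v1", b"linux-live-cd-loader", b"linux-kernel"]
TAMPERED = [b"bios-v1", b"windows-bootloader-patched", b"windows-kernel"]
VOLUME_KEY = b"constructed-volume-key"

def demo():
    tpm = ToyTPM()
    boot(tpm, WINDOWS)            # first trusted boot: nothing sealed yet
    tpm.seal(VOLUME_KEY)          # key is now tied to this exact boot chain
    return {"windows": boot(tpm, WINDOWS), "live_cd": boot(tpm, LIVE_CD),
            "tampered": boot(tpm, TAMPERED), "other_pc": boot(ToyTPM(), WINDOWS)}
```

    Only the unchanged Windows chain on the original machine gets the key back; the Live CD boot, the modified bootloader and the drive moved to a second machine all leave the volume locked.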
