The whole problem around Secure Boot is that Windows 8 requires Microsoft as its root of trust, meaning that only code, applications or software signed by Microsoft can be executed on a Windows 8 system. The developer has found a way of getting rid of all the keys supplied by Microsoft and, in a way, turning the tables on Microsoft.

This particular finding cannot entirely be deemed a hack, as the Windows 8 certification requirement itself “insists that the key databases be completely modifiable.” This gives users the power to delete the cryptographic keys supplied by the manufacturer and even those of Microsoft. Deleting them puts the system in what is called “Setup Mode”, in which it will boot just about anything, even something without a valid signature.

Garrett has said that populating the system with a new set of keys is not difficult and that there are tools available that can do the job for you. The difficult part is what to do after that initial stage. Once Microsoft’s keys are gone, the drivers for graphics (plug-n-play) and other such devices will not be usable, as they are signed by Microsoft. This means that enrolling just the drivers is not possible without actually trusting everything else signed by Microsoft.


There are ways around this as well, by manually feeding in a set of trusted hashes. This can be done by generating a SHA256 hash of all the hardware ROM and then putting that hash in the key database. If this is done successfully, users can boot their systems and install any software they see fit without having any Microsoft software running on the system.
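
To make the "trusted hashes" step concrete, here is an added example (not code from Garrett's post or from any tool) that packs SHA-256 digests into the EFI_SIGNATURE_LIST layout that the UEFI specification defines for key database entries, and parses it back with bounds checks. The ROM bytes and owner GUID are constructed placeholders, and the plain SHA-256 over those bytes is a stand-in: how firmware measures a real ROM image is not covered here.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
HEADER = struct.Struct("<16sIII")  # type GUID, list size, header size, entry size
ENTRY_SIZE = 16 + 32               # owner GUID + SHA-256 digest


def build_sha256_siglist(digests, owner):
    """Pack SHA-256 digests into one EFI_SIGNATURE_LIST."""
    for d in digests:
        if len(d) != 32:
            raise ValueError("SHA-256 digest must be 32 bytes")
    body = b"".join(owner.bytes_le + d for d in digests)
    header = HEADER.pack(EFI_CERT_SHA256_GUID.bytes_le,
                         HEADER.size + len(body), 0, ENTRY_SIZE)
    return header + body


def parse_sha256_siglists(blob):
    """Return (owner, digest) pairs from concatenated SHA-256 signature lists."""
    entries, off = [], 0
    while off < len(blob):
        if len(blob) - off < HEADER.size:
            raise ValueError("truncated list header")
        sig_type, list_size, hdr_size, entry_size = HEADER.unpack_from(blob, off)
        if list_size < HEADER.size + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        if uuid.UUID(bytes_le=sig_type) != EFI_CERT_SHA256_GUID:
            raise ValueError("not a SHA-256 signature list")
        body = blob[off + HEADER.size + hdr_size: off + list_size]
        if entry_size != ENTRY_SIZE or len(body) % entry_size:
            raise ValueError("bad SignatureSize")
        for i in range(0, len(body), entry_size):
            entries.append((uuid.UUID(bytes_le=body[i:i + 16]), body[i + 16:i + 48]))
        off += list_size
    return entries


# Constructed sample input: stand-ins for two ROM images and an owner GUID.
SAMPLE_ROMS = [b"constructed option ROM A", b"constructed option ROM B"]
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
SAMPLE_DIGESTS = [hashlib.sha256(r).digest() for r in SAMPLE_ROMS]
SAMPLE_LIST = build_sha256_siglist(SAMPLE_DIGESTS, SAMPLE_OWNER)

if __name__ == "__main__":
    print(parse_sha256_siglists(SAMPLE_LIST))
```

Parsing the list back before enrolling it is a cheap way to confirm that exactly the intended digests, and nothing else, will be trusted.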

Garrett writes in his blog post, “There’s still some work to be done in order to permit users to verify the entire stack, but Secure Boot does make it possible for the user to have much greater control over what their system runs.”