The Perils of Updating UEFI Secure Boot Revocation List

This series of articles is written in the form of the case study investigating a real-life problem, that of Ubuntu Live CD suddenly failing to boot on a computer where hitherto no such problem appeared. In the premise, we are presented with an error message yielding the clue that UEFI Secure Boot might be behind the boot malfunction, while a quick online search hints at the possibility of the latest Windows update being involved. Adopting a thorough approach, we begin with a sufficiently detailed description of Secure Boot operation and its objectives, then go on to explore Windows updates in general and the kind of updates that deal with Secure Boot settings in particular. Equipped with all the necessary information, we are now in a position to design the experiment demonstrating that it was, indeed, a Windows update that caused the issue, which, of course, will involve coding.

Through a balanced presentation, including both, theory and practical demonstration, the series follows a problem-centric approach while requiring no additional research or prior knowledge of the subject to understand the material.

A Tale of Omnipotence or How a Windows Update Broke Ubuntu Live CD

16 December, 2022 | |

Explains why installing KB5012170 may prevent some Ubuntu Live CDs from booting and describes inner workings of secure boot.

First-Stage Bootloader: Hey, You've Got Pointy Ears Sticking out of Your Window

15 December, 2022 | |

A sample of static binary analysis; therein we examine the method by which a first-stage bootloader verifies the second-stage Linux bootloader, GRUB2, as part of UEFI Secure Boot and, in the process, dissect the structure of UEFI images compiled under Linux.

Inner Workings of UEFI Secure Boot Signature Revocation List (DBX) Updates

10 February, 2023 | |

Presents a UEFI revocation-list-update-file (dbxupdate.bin) parser written in python and explores the contents of various dbxupdate.bin versions form UEFI Forum and Microsoft; touches on the subject of Windows updates structure and differential compression.

Using WinSxS to Retrace Windows Update History

09 February, 2023 | |

Describes the part WinSxS plays in installation of differential compression-based Windows updates. Introduces a python script that reconstructs an update history for a given file by enumerating WinSxS entries and establishing sequences of delta patches.