The TCG is hosting its annual security workshop at the RSA Security Conference on Mon Feb 25th in San Francisco. I have attended for the last 5 years and always found the panels and speakers well worth the time invested to attend.
As we have done for the past few years WinMagic, as a TCG member, has the opportunity to demonstrate our product during the breaks. Since Windows 8 is still relatively new and not yet fully supported by most Full Disk Encryption (FDE) Independent Software Vendors (ISVs) I choose to demonstrate that with OS. (Last year we showed a solution that was OS agnostic).
This year I am bringing a Lenovo T430 with Windows 8 booting native UEFI off of a TCG Opal drive managed by SecureDoc 6.1 to demonstrate. When I was preparing the demo I noticed a few things:
I wanted to turn on Secure Boot and found it under the Security tab in the BIOS. It says that Secure Boot when enabled prevents “unauthorized operating systems from running at boot time”. I turned it on and sure enough when I tried to boot to a shell on a USB memory stick I got the message “Secure Boot: Image failed to verify …” Secure Boot is a good feature to prevent attacks on pre-boot authentication (PBA) for FDE where the attacker tries to replace the legitimate code with their code. In my case, since I have a TCG Opal drive and I am running my PBA out of the MBR shadow; which is set to be read only, I am doubly protected against this attack.
After installing SecureDoc, I turned on the power of my laptop and the PBA screen displayed in about 6 seconds, which strikes me as being much quicker than PBA in Windows 7. This is because we have a native UEFI PBA application. The other thing to note is that I did NOT get a “Secure Boot: Image failed to verify …” message. This is because our PBA code is signed by Microsoft and the Microsoft key required to verify our signature is built into the Lenovo UEFI code.
Next, I typed in my password and in a few more seconds the Windows 8 wall paper appeared.
That’s really all there is to it. Point being, security doesn’t have to get in the way of your normal work or slow you down.
If you are in town attending RSA please come to the TCG workshop, say hello, see my quick demo.