Security researchers MY123 and Slipstream discovered a vulnerability in the implementation of the Secure Boot mechanism on many devices that allowed them to completely bypass the requirement that only properly signed executable code may run on those devices. This means, in particular, that owners of Windows RT tablets will once again be able to install an alternative operating system. But it also means more headaches for system administrators, because the vulnerability opens up new opportunities for installing rootkits.
The enthusiasts posted detailed information on a special page designed in the style of a demoscene production.
The Secure Boot option enables or disables the ability to boot and install other operating systems on the device.
Secure Boot is a variant of the boot protocol whose operation is based on keys embedded in the BIOS that are used to verify the signatures of boot code. Secure Boot refuses to perform any boot if the signatures do not match. This protection against tampering and unlicensed use of the OS relies on the modular design of UEFI (Unified Extensible Firmware Interface) BIOS. UEFI is designed to initialize the hardware when the system is powered on and hand control over to the OS loader.
Secure Boot is included in the UEFI 2.2 specification. Secure Boot being enabled does not usually mean that you cannot run an operating system other than Windows. In fact, computers and laptops certified to run Windows 8 must provide the ability to disable Secure Boot and to manage the keys, so in theory there is nothing to worry about. However, ARM tablets with Windows preinstalled ship with a Secure Boot that cannot be switched off! And as the end of support for these devices approaches, their users face the prospect of being left with a rapidly aging slab instead of a tablet with very decent hardware.
More information about how UEFI works can be found in the article "A little about UEFI and Secure Boot".
It turned out to be a blessing in disguise: Microsoft practically "leaked" the way to bypass Secure Boot themselves.
If we try to describe the essence of the discovered vulnerability briefly and very roughly, it is as follows. The modular architecture of UEFI allows objects to be loaded into memory sequentially. Microsoft provided a special debugging procedure intended for device manufacturers and driver developers. This procedure allows self-signed binary code to be loaded, bypassing the mandatory checks. On devices running Windows with a locked bootloader, where this procedure is missing, one can try to add it oneself. How the procedure works and how to add it became known as a result of research into the latest Windows service packs (Redstone, hello!).
In effect, we are dealing with a backdoor deliberately built into every version of Windows starting with 8, and the researchers merely found the "golden key" to the secret theater, "left by the negligent owner on the bar counter."
Earlier it was reported that Microsoft had removed the built-in backdoor from Windows RT that allows bypassing Secure Boot and installing Linux, but in fact that is not the case. Those were only half measures. The nature of the problem is such that the vulnerability cannot really be closed without breaking "secure" boot for many existing media.
Source: https://habr.com/ru/post/307564/