3

Do any computer manufacturers sign (DSA, or just publishing a hash) their recovery partitions so that I can be sure that these bits are authentic? I'd like to buy a second-hand computer and reduce the chance of it having any spyware.

bobuhito

2 Answers

1

You shouldn't use the recovery partition even if it's signed. I would personally be more worried about the manufacturer than the person who's selling it to me (and if the seller is really malicious, he would've embedded some evil hardware keyloggers rather than relying on a partition I may never ever use).

To strictly answer your question, I believe the only solution is UEFI secure boot, which will extend the chain of trust up to the bootloader. After that, you should hope the bootloader does the same and checks authenticity of the kernel before loading it, and so does the kernel itself and the recovery program. This is pure theory and no manufacturer is going to "waste" time doing that, after all, why should they? Installing Superfish takes less time and actually makes them gain more money.

Your best option is to download an MSDN ISO on either pirate sites or mirrors of the old Digitalriver server (an official reseller that provided direct downloads of ISOs which was really nice and allowed everyone to enjoy a clean Windows experience, but apparently we can't have nice things and it got replaced by this nonsense which doesn't work for OEM keys, like a big "F... you, you don't deserve a clean Windows, stay with your Acer-sponsored bloatware"). Once you get the ISO corresponding to the version installed currently, check the hash on MSDN.

Now depending on what OEM you have, your key on the bottom may just work (as it was the case for my Dell Latitude) or they may use something called SLP and the key at the bottom of your computer doesn't actually do anything and is just there to make you waste time. To be safe you could try to back up the current activation files, search for slic backup.

Finally I suggest you boot on a Linux Live-CD and issue a secure erase command to the HDD, or use a tool like shred to wipe the hard drive completely, including any MBR and hidden recovery partition that may be compromised or include bloatware. This isn't for data security so one pass of shred is enough.

0

If someone tampered with a factory recovery partition to target you, I would doubt if it is wise to buy a second-hand computer to work with.

To answer your question, yes, the recovery partitions are usually signed, but to check them is somewhat difficult as different resellers might package different versions of pre-installed software in the recovery partition, so I believe there won't be a published hash. But you can try your luck with their Customer Service.

  • The way X.509 digital signatures work, you shouldn't need to know the individual partition's hash, but only the public key of the signer. – Lie Ryan Apr 29 '15 at 15:45
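
The point made in the comment above, shown as an added example that is not part of the original thread: one signer key covers any number of different images, so the verifier needs only the public key, never a per-image hash list. It assumes the `openssl` CLI and uses a bare RSA key pair rather than a full X.509 certificate; the key, file names and image contents are all constructed.

```shell
#!/bin/sh
# Added example: constructed vendor key and constructed "recovery images".

# verify_image PUBKEY IMAGE SIG: exit 0 only if SIG is valid for IMAGE
verify_image() {
    openssl dgst -sha256 -verify "$1" -signature "$3" "$2" >/dev/null 2>&1
}

# check LABEL PUBKEY IMAGE SIG: print LABEL=ok or LABEL=bad
check() {
    if verify_image "$2" "$3" "$4"; then
        printf '%s=ok\n' "$1"
    else
        printf '%s=bad\n' "$1"
    fi
}

run_demo() {
    dir=$(mktemp -d) || return 1

    # Vendor side: a single signing key (private half never leaves the vendor).
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/vendor.key" 2>/dev/null
    openssl pkey -in "$dir/vendor.key" -pubout -out "$dir/vendor.pub"

    # Two different images, standing in for two resellers' software bundles.
    printf 'recovery image, reseller A bundle\n' > "$dir/a.img"
    printf 'recovery image, reseller B bundle\n' > "$dir/b.img"
    for name in a b; do
        openssl dgst -sha256 -sign "$dir/vendor.key" \
            -out "$dir/$name.sig" "$dir/$name.img"
    done

    # A modified copy of image A, keeping A's original signature.
    cp "$dir/a.img" "$dir/tampered.img"
    printf 'extra payload\n' >> "$dir/tampered.img"

    # Buyer side: only vendor.pub is needed for every check below.
    check A        "$dir/vendor.pub" "$dir/a.img"        "$dir/a.sig"
    check B        "$dir/vendor.pub" "$dir/b.img"        "$dir/b.sig"
    check tampered "$dir/vendor.pub" "$dir/tampered.img" "$dir/a.sig"
    check swapped  "$dir/vendor.pub" "$dir/b.img"        "$dir/a.sig"

    rm -rf "$dir"
}

run_demo
```

The check is only as trustworthy as the copy of the public key, so that key has to come from somewhere other than the second-hand disk being verified.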