Successful UEFI secure boot exploitation
Are there any real examples (malware, rootkits, etc.) of exploiting the UEFI secure boot mechanism vulnerabilities such as CVE-2022-21894?
Category Archives: uefi
If I disable CSM (Compatibility Support Module) in UEFI settings, will it protect me from malware that infected MBR boot sector?
As far as I understand, when in CSM mode, UEFI boots using MBR boot sector (from internal hard drive, external USB Flash drive, etc). And when in non-CSM mode, UEFI ignores whole existence of MBR boot sector and boots using special EFI par… Continue reading If I disable CSM (Compatibility Support Module) in UEFI settings, will it protect me from malware that infected MBR boot sector?
Linux Fu: UEFI Booting
Unless your computer is pretty old, it probably uses UEFI (Unified Extensible Firmware Interface) to boot. The idea is that a bootloader picks up files from an EFI partition and …read more Continue reading Linux Fu: UEFI Booting
Why is this Device Guard setting located in a different location from the rest? [migrated]
Device Guard and Secured-core PC configurations are mostly located in this registry location:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceGuard
so, all in HKEY_LOCAL_MACHINE\SYSTEM
Now I’m trying to find the registry keys of… Continue reading Why is this Device Guard setting located in a different location from the rest? [migrated]
Can BIOS/UEFI malware pretend that secure boot is enabled?
As the title says, can BIOS/UEFI malware pretend that secure boot is enabled? And if so, is there any point to enabling secure boot on a device that came with it disabled (or that you previously disabled), considering that the BIOS/UEFI mi… Continue reading Can BIOS/UEFI malware pretend that secure boot is enabled?
Chip Vulnerabilities Impacting Microsoft, Lenovo, and Samsung Devices
By Deeba Ahmed
In total 22 proprietary software vulnerabilities were identified in the firmware, which Qualcomm addressed in its January 2023…
This is a post from HackRead.com Read the original post: Chip Vulnerabilities Impacting Microsoft, Leno… Continue reading Chip Vulnerabilities Impacting Microsoft, Lenovo, and Samsung Devices
Full disk encryption: Legacy boot mode (MBR) vs. EFI boot mode
FDE tools like VeraCrypt will encrypt the whole system drive when the machine uses legacy boot mode (MBR). But they will only encrypt the system partition if the machine uses EFI boot mode (the EFI partition remains unencrypted).
Most sour… Continue reading Full disk encryption: Legacy boot mode (MBR) vs. EFI boot mode
Would secure boot block GPU if it has modified vbios?
I think that AMD GPUs can be flashed with any modded VBIOS because the GPU doesn’t check for firmware signature.
Shouldn’t the secure boot be able to check signature of the AMD GPUs modded VBIOS and block the PC from booting if the signatu… Continue reading Would secure boot block GPU if it has modified vbios?
Secure boot + full disk encryption, should I sign the kernel?
I’m redoing my laptop installation from scratch, and this time I want a full secure boot chain.
Here’s what I did so far :
Enroll my own keys in the UEFI firmware
Sign my grub bootloader
Full disk encryption (implying /boot is encrypted a… Continue reading Secure boot + full disk encryption, should I sign the kernel?
IT threat evolution Q3 2022
Recent APT campaigns, a sophisticated UEFI rootkit, new ransomware for Windows, Linux and ESXi, attacks on foreign and crypto-currency exchanges, and malicious packages in online code repositories. Continue reading IT threat evolution Q3 2022