Dan Goodin

In 2012, an industry-wide coalition of hardware and software makers adopted Secure Boot to protect against a long-looming security threat. The threat was the specter of malware that could infect the BIOS, the firmware that loaded the operating system each time a computer booted up. From there, it could remain immune to detection and removal and could load even before the OS and security apps did.

To this day, key players in security—among them Microsoft and the US National Security Agency—regard Secure Boot as an important, if not essential, foundation of trust in securing devices in some of the most critical environments, including in industrial control and enterprise networks.

On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022. In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it.

The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.

“It’s a big problem,” said Martin Smolár, a malware analyst specializing in rootkits who reviewed the Binarly research and spoke to me about it. “It’s basically an unlimited Secure Boot bypass for these devices that use this platform key. So until device manufacturers or OEMs provide firmware updates, anyone can basically… execute any malware or untrusted code during system boot. Of course, privileged access is required, but that’s not a problem in many cases.”

arstechnica.com/security/2024/

42 comments
Steve Zakulec

@dangoodin Hi Dan, the PowerShell command in the article has an error - GFD in the comments has the right one. Enjoyed the article a lot.

Rachel Rawlings

@dangoodin File under "News that makes people want to retire and raise chickens, until they remember bird flu."

Rocketman

@dangoodin Computers were a mistake, pt. 83,517

Rairii

@dangoodin oh, good thing I publicly backed up those github repos last year when I found them archive.org/details/aaeon-uefi-firmware-git-repos

Kyle Brown

@dangoodin wasn’t this literally the plot of “Red Team Blues” by @pluralistic?

RalfMaximus

@dangoodin

> Of course, privileged access is required, but that’s not a problem in many cases.”

Doesn't that make it an "already past the air lock" kind of attack?

Like, a privileged user would have to knowingly execute a link or file while ignoring all the anti-malware warnings thrown up by the o/s. Windows UAC would stop this, assuming the user is paying attention, right?

What am I missing?

Dan Goodin

@ralfmaximus

You're missing the fact that the sole reason for Secure Boot is to protect against post-exploit attacks that infect the pre-boot firmware.

RalfMaximus

@dangoodin

Honest question, promise I'm not trolling: again, how would an attack in the wild occur using the compromised key?

I've got Windows Defender, UAC, and Malwarebytes running. I try to install an infected firmware update via its exe. One or all 3 of those tools should intercept the attempt.

If I ignore the warning(s) and proceed to install compromised firmware, that's on me at that point. Right?

Zoarial94 :donor:

@ralfmaximus @dangoodin Sorry, I answered a question you didn't even ask in my last post. Such a low-level attack would probably mean that you are a person of interest. It's probably the kind of thing where a state sponsored actor would use zero-days to get installed. But also, yes, there are people who are willing to bypass everything or turn off an anti-virus to install cheat software or whatever else they think they're installing.

Zoarial94 :donor:

@ralfmaximus @dangoodin It's also a good thing to have defense in-depth. Considering that all software can be compromised, you want as many layers as possible. You would hope that there is another level of security preventing the motherboard firmware from being compromised if the OS is compromised as well.

J. "Henry" Waugh

@ralfmaximus @dangoodin all three have been bypassed multiple times over the years, and installed a variety of rootkits on millions of systems to create e.g. botnet networks

There have also been various other Windows API and kernel driver flaws where the malicious software evaded their scans, which are typically "event driven"

Now imagine a rootkit where a secure erase of the disk and clean Windows reinstall would not remove it...

Bench Mark

@ralfmaximus There have been many attacks where none of those protections worked.

I read in the German-language "c't" published by @heiseonline that Secure Boot was poorly designed.

Farce Majeure

@ralfmaximus @dangoodin with PKpriv you can sign updates to the trust databases and (for example) install your own bootloader that backdoors everything.

Geldaran

The fact that there are careless and/or overworked people at all levels of IT? Or ones badgered into giving admin access to users who are completely unqualified to have it? Or that there are privilege elevation vulnerabilities that could be layered with this?

Our defenses are done in layers in the hopes that getting through one doesn't give them the keys to the castle, but when something this fundamental gets screwed up by careless bullshit from a huge vendor? It makes me wonder why we bother.

Raj Naghee Reddy

@ralfmaximus @dangoodin I think the concern is that businesses/orgs might simply “re-image” the compromised machine (usually means just wipe and re-install the OS) and move on. Until now, people mostly trusted that the Secure Boot stuff would protect them from a BIOS level persistence. (Even the most diligent of companies might have machines that are yet to be patched or must run an older browser version etc.)

DELETED

@dangoodin

Microsoft should be investigated as a criminal russian front

Morten Hilker-Skaaning

@dangoodin so something that's essentially only slightly less important than the nuclear launch codes is protected by.. <checks notes>.. "clown farts"?

LisPi

@dangoodin @cstross Will we finally start getting rid of platform keys and having users provision their own?

That'd be nice. There's no reason to trust the corposcum not to sign malware for state surveillance agencies.

Dan Goodin

@shadow06

You don't have a single friend or family member who is unable to follow your advice?

Shadow06

@dangoodin

Unable no. Unwilling, yes.

I'm done coddling. People can change a tire, harvest their own food, crochet a wedding dress, but not be independent online? Terrible excuses abound.

The only credit I give them is the speed at which everything has changed. I blame technologists for having 0 social skills.

Michael Kohne

@dangoodin Can we just go back to masked ROM, please? When the BIOS couldn't be flashed in the field, it also couldn't be compromised in the field.

:gnu:Hacker

@dangoodin That was close. My motherboard is MSI.

Phil Stevens

@dangoodin I know..that was sarcasm. I did check my bootloader, though.

Coffeetest

@dangoodin I remember arguing with someone about this way back. I am not sure why I was so opposed back then but this result doesn't surprise me. IIRC maybe I was sure this was just a way to try and lock out unapproved OSs i.e. Linux but to be honest I can't recall.

The argument against me was like "but but but security!!!!!!1!!1!"

DelegateVoid

@dangoodin For those looking for the command on Linux: you must first install the efitools package

`sudo apt-get install efitools`
`efi-readvar -v PK`
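
As an added example, not from this thread or the efitools project: a small POSIX shell wrapper that parses the output of `efi-readvar -v PK`, lists each certificate's subject and issuer, and flags a Platform Key whose subject carries a vendor test marker. The sample output embedded below is constructed, and the `DO NOT TRUST|DO NOT SHIP` marker is the string Binarly reported in the leaked test keys, which this page does not quote, so treat it as an assumption and adjust it from your vendor's advisory.

```shell
#!/bin/sh
# Added example (not from the thread). Parses `efi-readvar -v PK` output and
# flags a Platform Key whose certificate subject looks like a vendor test key.
# Assumption: the marker pattern is taken from Binarly's PKfail report, not
# from this page; adjust it to match your vendor's advisory.
PK_MARKER_PATTERN='DO NOT TRUST|DO NOT SHIP'

# Constructed sample of efi-readvar -v PK output (not captured from a real box).
SAMPLE_PK_OUTPUT='Variable PK, length 1062
PK: List 0, type X509
    Signature 0, size 1034, owner 77fa9abd-0359-4d32-bd60-28f4e78f784b
        Subject:
            CN=DO NOT TRUST - Example Test PK
        Issuer:
            CN=DO NOT TRUST - Example Test PK'

# Read efi-readvar -v output on stdin; print one "Subject|Issuer" line per
# X509 signature. Multi-line RDNs (C=, O=, CN= on separate lines) are joined.
efi_cert_identities() {
    awk '
        function flush() { if (subj != "") print subj "|" iss; subj = ""; iss = ""; mode = "" }
        /^[^[:space:]]/                  { flush(); next }   # "Variable ..." / "PK: List ..." headers
        /^[[:space:]]*Signature [0-9]+,/ { flush(); next }   # start of the next signature entry
        /^[[:space:]]*Subject:[[:space:]]*$/ { mode = "s"; next }
        /^[[:space:]]*Issuer:[[:space:]]*$/  { mode = "i"; next }
        mode == "s" { sub(/^[[:space:]]+/, ""); subj = (subj == "") ? $0 : subj ", " $0; next }
        mode == "i" { sub(/^[[:space:]]+/, ""); iss  = (iss  == "") ? $0 : iss  ", " $0; next }
        END { flush() }
    '
}

# Exit status 0: no certificate matches the marker. Exit status 1: a match.
# Live usage: efi-readvar -v PK | pk_check
pk_check() {
    efi_cert_identities | grep -Eq "$PK_MARKER_PATTERN" && return 1
    return 0
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE_PK_OUTPUT" | pk_check \
    || echo "PK subject carries a test-key marker; check your vendor's firmware advisory"
```

On a live system, pipe `efi-readvar -v PK` (and, if you want to review the rest of the chain, `-v KEK` and `-v db`) into `efi_cert_identities` to see which certificates your firmware trusts.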

NicknamesOfGod

@dangoodin That's what I call Security Theater. It's not about actually securing anything; it's just about appearing to have done so. Also: how bad a week is Intel having, eh?

Eric Dubé

@dangoodin I'm starting to feel something of this severity is coming to surface on a weekly basis lately.

Latte macchiato :blobcoffee: :ablobcat_longlong:

@dangoodin@infosec.exchange Have these "industry-wide secret keys" ever worked? It's always some dumb stuff like this in the end :floofWoozy:

Christian Berger DECT 2763

@dangoodin Well it's "Secure Boot". The security it's meant to provide is for business models, not for user data. So as a user I couldn't care less.

Jonas

@dangoodin
I'm not sure UEFI with its large attack surface is better, security-wise, than good old BIOS which was at least easily auditable.

翠星石

@dangoodin It's a shame only one of the many keys was revealed, so while you can now at least boot whatever free software you want, the UEFI itself cannot be freed.

John Gordon

@dangoodin Thank Darwin that was the only blunder compromising Secure Boot and we can absolutely trust it otherwise.

(Are typewriters still being made? I had a very fine electric typewriter with small edit buffer I gave away in the 90s. Now it would be worth thousands :-)
