Top-level
Jiub

@dangoodin Wow, what a mess. This really shows the danger of putting unnecessary features into firmware. The UEFI/BIOS vendors have always been kind of a joke for software quality so I'm not surprised that they completely fucked up image parsing.

At least on Linux the danger is somewhat mitigated by `/boot/efi` not being writable by a normal user, though of course a full exploit is possible with a malicious package or local root exploit.

3 comments
Tai xzo

@jiub @dangoodin It’s not an encrypted partition though, so you could just boot a liveCD/liveUSB and edit it from there.

Jonas

@jiub
I wonder whether adding a physical switch somewhere around the flash chip holding the UEFI could lessen this risk. It could be useful for hardening a computer.
@dangoodin

Jiub

@magnetic_tape That might be a good idea for security, reminds me of how some Chromebooks require removing a physical screw (which breaks a circuit) to flash the firmware.

But in this case it wouldn't help because the UEFI just loads an image from the unencrypted EFI FAT32 partition 🤦
