Has there been any discussion as to how these attacks interact with TPM/PCR-based system integrity checks? My understanding is that even if this method were used to bypass Secure Boot protections/etc, that behavior would still result in modified PCR measurements and would be detectable in any subsequent boot processes that rely on TPM-sealed secrets? (for instance, disk encryption)
@josh @dangoodin @matrosov
Same thought here. If an attacker can write to your ESP that's usually game over. The exception is if your boot sequence is being measured into your TPM. Seems to me that the larger problem is that the boot sequence isn't measuring the logo file.