Gregory's ServerSame thought here. If an attacker can write to your ESP that's usually game over. The exception is if your boot sequence is being measured into your TPM. Seems to me that the larger problem is that the boot sequence isn't measuring the logo file.
|
Top-level
Same thought here. If an attacker can write to your ESP that's usually game over. The exception is if your boot sequence is being measured into your TPM. Seems to me that the larger problem is that the boot sequence isn't measuring the logo file. 1 comment
|
@hattifattener @dangoodin @matrosov
So I think the ultimate issue might be that arbitrary code execution within DXE likely means that an attacker can call or otherwise implement the logic of PCR extension themselves with arbitrary digests to fool the TPM into thinking that everything is fine.
If this extends to being able to i.e. load a filesystem driver, unpack and relocate a malicious EFI PE, and jump to its entry point manually, seems like you could bypass any PCR checks as well