PKfail Secure Boot bypass lets attackers install UEFI malware

July 25, 2024 at 05:45PM

UEFI products from 10 vendors are vulnerable to compromise due to a critical firmware supply-chain issue called PKfail, which lets attackers bypass Secure Boot and install malware. The affected devices ship with a test Secure Boot Platform Key generated by American Megatrends International that OEMs were expected to replace with their own key before shipping but often did not. Vendors are advised to follow key management best practices to mitigate the issue.

PKfail is a critical firmware supply-chain issue that affects UEFI products from various vendors and allows attackers to bypass Secure Boot and install malware. The impacted devices use a test Secure Boot Platform Key (PK) generated by American Megatrends International (AMI), which the OEMs or device vendors should have replaced with their own securely generated keys before shipping. The PK is the root of the Secure Boot key hierarchy: it authorizes updates to the Key Exchange Key (KEK), which in turn authorizes updates to the allowed and forbidden signature databases (db and dbx). An attacker who holds the private half of the PK can therefore enroll their own keys, sign UEFI binaries the firmware will accept, and run code before the operating system loads.

The affected UEFI device makers include Acer, Aopen, Dell, Formelife, Fujitsu, Gigabyte, HP, Intel, Lenovo, and Supermicro. This follows an earlier supply-chain security incident in which Intel Boot Guard private keys were leaked, impacting multiple vendors.

To mitigate PKfail, vendors are advised to generate and manage the Platform Key by following cryptographic key management best practices and to replace any test keys provided by independent BIOS vendors like AMI with their own securely generated keys. Moreover, users should monitor firmware updates issued by device vendors and apply any security patches addressing the PKfail supply-chain issue as soon as possible.

Additionally, Binarly has published the pk.fail website, which scans firmware binaries for free to identify PKfail-vulnerable devices and malicious payloads.
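Besides uploading a firmware image to pk.fail, a user can inspect the PK their running machine actually enrolled. The following is an added example (not Binarly's scanner or any vendor's code) that parses the EFI_SIGNATURE_LIST records a Secure Boot variable is made of and flags an X.509 entry whose DER body carries the "DO NOT TRUST" or "DO NOT SHIP" markers AMI puts in the subject of its test keys; the marker strings, the efivarfs path and the owner GUID are assumptions for this demo, and the two sample variables are constructed here with placeholder certificate bodies rather than real DER.

```python
"""Check a Secure Boot PK variable for an AMI-style test Platform Key.

Added example, not Binarly's pk.fail scanner or any vendor's code. It walks the
EFI_SIGNATURE_LIST records of a Secure Boot variable and flags X.509 entries whose
DER body carries the test-key markers (assumed: "DO NOT TRUST" / "DO NOT SHIP").
The demo inputs are constructed; their certificate bodies are placeholders, not DER.
"""
import struct
import sys
import uuid
from dataclasses import dataclass

# GUID of an X.509 certificate entry, from the UEFI specification.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Assumed efivarfs path of the PK variable on Linux (PK + global-variable namespace GUID).
EFIVARS_PK_PATH = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
# Assumed: substrings that identify AMI test certificates in the subject field.
TEST_KEY_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")
HDR = 28  # SignatureType(16) + SignatureListSize(4) + SignatureHeaderSize(4) + SignatureSize(4)


@dataclass
class SignatureEntry:
    sig_type: uuid.UUID  # EFI_SIGNATURE_LIST.SignatureType
    owner: uuid.UUID     # EFI_SIGNATURE_DATA.SignatureOwner
    data: bytes          # EFI_SIGNATURE_DATA.SignatureData (the DER cert for X.509 lists)

    def is_x509(self) -> bool:
        return self.sig_type == EFI_CERT_X509_GUID

    def is_test_key(self) -> bool:
        # DER stores PrintableString/UTF8String subjects as plain ASCII bytes, so a
        # substring search finds the marker without a full ASN.1 parser.
        return self.is_x509() and any(m in self.data for m in TEST_KEY_MARKERS)


def parse_signature_lists(blob: bytes) -> list[SignatureEntry]:
    """Walk every EFI_SIGNATURE_LIST in a Secure Boot variable's data."""
    entries: list[SignatureEntry] = []
    off = 0
    while off < len(blob):
        if len(blob) - off < HDR:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        end = off + list_size  # SignatureListSize covers the header too
        if list_size < HDR + hdr_size or end > len(blob) or sig_size < 16:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        pos = off + HDR + hdr_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            entries.append(SignatureEntry(sig_type, owner, blob[pos + 16:pos + sig_size]))
            pos += sig_size
        off = end
    return entries


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, cert: bytes) -> bytes:
    """Encode a single-entry EFI_SIGNATURE_LIST (used only to build the demo inputs)."""
    sig_size = 16 + len(cert)
    return (sig_type.bytes_le + struct.pack("<III", HDR + sig_size, 0, sig_size)
            + owner.bytes_le + cert)


def scan_pk(blob: bytes) -> list[tuple[str, str]]:
    """Return (owner GUID, verdict) per entry; a 'TEST KEY' verdict means PKfail."""
    out = []
    for e in parse_signature_lists(blob):
        if not e.is_x509():
            verdict = "non-x509 entry"
        elif e.is_test_key():
            verdict = "TEST KEY (PKfail)"
        else:
            verdict = "ok"
        out.append((str(e.owner), verdict))
    return out


def is_pkfail(blob: bytes) -> bool:
    return any(v.startswith("TEST KEY") for _, v in scan_pk(blob))


def read_efivar(path: str = EFIVARS_PK_PATH) -> bytes:
    """Read a variable from efivarfs; its first 4 bytes are the variable attributes."""
    with open(path, "rb") as f:
        return f.read()[4:]


# Constructed demo inputs: placeholder bodies stand in for DER certificates.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")  # assumed owner GUID
SAMPLE_PK_TEST = build_signature_list(
    EFI_CERT_X509_GUID, OWNER, b"\x30\x82\x00\x00CN=DO NOT TRUST - AMI Test PK")
SAMPLE_PK_CLEAN = build_signature_list(
    EFI_CERT_X509_GUID, OWNER, b"\x30\x82\x00\x00CN=Example OEM Platform Key")

if __name__ == "__main__":
    # No argument: read the live PK from efivarfs; otherwise a copy of that efivarfs file.
    blob = read_efivar(sys.argv[1]) if len(sys.argv) > 1 else read_efivar()
    for owner, verdict in scan_pk(blob):
        print(owner, verdict)
    sys.exit(1 if is_pkfail(blob) else 0)
```

A hit on the live PK only tells you the firmware still trusts AMI's test key; a clean PK does not rule out a test key in the KEK or db, so the same parser is worth pointing at those variables as well. The string match is a screening heuristic: the authoritative check is comparing the certificate against the known test keys, which is what the pk.fail service does.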
