July 26, 2024 at 05:24PM
Millions of Intel and ARM-based computing systems are vulnerable to attackers due to a leaked cryptographic key used in the Secure Boot process. The issue, dubbed “PKFail,” allows bypassing of Secure Boot and affects devices from vendors like Lenovo, HP, and Asus. Firmware updates are needed to address this widespread vulnerability.
Based on the meeting notes, the main takeaways are:
1. Attackers can bypass the Secure Boot process on millions of Intel and ARM microprocessor-based computing systems from multiple vendors due to the shared previously leaked cryptographic key.
2. The compromised Platform Key (PK) from American Megatrends International (AMI) is used as the root of trust during the Secure Boot PC startup chain and affects devices from vendors such as Lenovo, HP, Asus, and SuperMicro.
3. The issue, dubbed “PKFail,” makes it easier for attackers to deploy UEFI bootkits and offers persistent kernel access and privileges, prompting the need for compromised keys to be replaced and firmware updates to be deployed.
4. This problem highlights the poor cryptographic key management practices in the device supply chain and the widespread impact of using non-production and test cryptographic keys in production firmware and devices.
Let me know if you need further details or information on specific aspects of this issue.