July 26, 2024 at 05:51AM
Binarly has identified a security vulnerability named “PKfail,” centered around an exposed American Megatrends International Platform Key (PK), utilized as a Secure Boot private key. This flaw, found in hundreds of computer models from various manufacturers, allows attackers to sign and execute malicious code during the device’s boot process, potentially compromising the entire security chain. Several vendors have addressed this issue, but a tool has been released to determine potential impact on affected systems.
From the meeting notes, we can gather that a Secure Boot issue named PKfail has been identified by the security firm Binarly. This vulnerability is related to an exposed American Megatrends International (AMI) Platform Key (PK), which has been found in hundreds of device models from major computer manufacturers such as Dell, HP, Lenovo, Fujitsu, and Supermicro.
The issue allows attackers to run untrusted code during the boot process, compromising the security chain from firmware to the operating system. Binarly has scanned tens of thousands of UEFI firmware images and found affected devices dating back to May 2012, making it a long-lasting supply-chain issue spanning over 12 years.
Supermicro and Dell have addressed the vulnerability, while HP, Lenovo, and Fujitsu claim that none of their supported products are impacted. Binarly has released a tool for users to determine if they are affected by PKfail and has also published videos demonstrating PKfail attacks on both Windows and Linux systems.