In 2012, an industry-wide coalition of hardware and software makers adopted #Secure #Boot to protect against a long-looming security threat. The threat was the specter of malware that could infect the BIOS, the firmware that loaded the operating system each time a computer booted up. From there, it could remain immune to detection and removal and could load even before the OS and security apps did.

The threat of such BIOS-dwelling malware was largely theoretical and fueled in large part by the creation of ICLord Bioskit by a Chinese researcher in 2007. ICLord was a #rootkit, a class of malware that gains and maintains stealthy root access by subverting key protections built into the operating system. The proof of concept demonstrated that such BIOS rootkits weren't only feasible; they were also powerful. In 2011, the threat became a reality with the discovery of #Mebromi, the first known BIOS rootkit to be used in the wild.

Keenly aware of Mebromi and its potential for a devastating new class of attack, the Secure Boot architects hashed out a complex new way to shore up security in the pre-boot environment. Built into #UEFI—the Unified Extensible Firmware Interface that would become the successor to BIOS—Secure Boot used public-key cryptography to block the loading of any code that wasn’t signed with a pre-approved digital signature. To this day, key players in security—among them Microsoft and the US National Security Agency—regard Secure Boot as an important, if not essential, foundation of trust in securing devices in some of the most critical environments, including in industrial control and enterprise networks.
An unlimited Secure Boot bypass
On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022.

In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a #platform #key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it. The repository was located at github.com/raywu-aaeon/Ryzen2000_4000.git, and it's not clear when it was taken down.

The repository included the private portion of the platform key in encrypted form. The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text.

The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. Now that the leak has come to light, security experts say it effectively torpedoes the security assurances offered by Secure Boot.
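The root-of-trust anchor described above is the X.509 certificate stored in the UEFI PK variable, so the first thing an administrator wants to know is which PK their firmware actually trusts. The following Python is an added example, not code from the article or from Binarly: it parses the EFI_SIGNATURE_LIST structures that PK (and KEK, db, dbx) are stored in, extracts the SHA-256 fingerprint of each PK certificate, and compares it against a set of untrusted fingerprints. The sample signature list, the fake certificate bytes and the UNTRUSTED set are constructed placeholders, and read_pk_from_efivarfs assumes a Linux host with efivarfs mounted.

```python
import hashlib
import struct
import uuid
from pathlib import Path

# GUIDs from the UEFI specification
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_GLOBAL_VARIABLE = "8be4df61-93ca-11d2-aa0d-00e098032b8c"

def parse_signature_lists(data: bytes):
    """Yield (sig_type, owner, sig_data) for each entry of the chained
    EFI_SIGNATURE_LIST structures stored in PK, KEK, db and dbx."""
    off = 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or off + list_size > len(data) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])  # SignatureOwner
            yield sig_type, owner, data[pos + 16:pos + sig_size]
            pos += sig_size
        off = end  # next EFI_SIGNATURE_LIST in the chain

def pk_cert_fingerprints(var_bytes: bytes):
    """SHA-256 of every X.509 certificate in a PK payload (attributes stripped)."""
    return [hashlib.sha256(sig).hexdigest()
            for sig_type, _owner, sig in parse_signature_lists(var_bytes)
            if sig_type == EFI_CERT_X509_GUID]

def check_pk(var_bytes: bytes, untrusted: set):
    """Fingerprints of PK certificates that appear in an untrusted set."""
    return [fp for fp in pk_cert_fingerprints(var_bytes) if fp in untrusted]

def read_pk_from_efivarfs(path="/sys/firmware/efi/efivars"):
    """Read the live PK on Linux; efivarfs prepends a 4-byte attributes word."""
    return Path(path, f"PK-{EFI_GLOBAL_VARIABLE}").read_bytes()[4:]

def build_signature_list(sig_type, owner, sig_data):
    """Constructed helper: a single-entry EFI_SIGNATURE_LIST for testing."""
    sig_size = 16 + len(sig_data)
    return (sig_type.bytes_le + struct.pack("<III", 28 + sig_size, 0, sig_size)
            + owner.bytes_le + sig_data)

# Constructed sample: a fake blob standing in for a DER-encoded PK certificate
SAMPLE_CERT = b"\x30\x82constructed-fake-pk-certificate"
SAMPLE_PK = build_signature_list(EFI_CERT_X509_GUID, uuid.UUID(int=0x1234), SAMPLE_CERT)
SAMPLE_FINGERPRINT = hashlib.sha256(SAMPLE_CERT).hexdigest()
UNTRUSTED = {SAMPLE_FINGERPRINT}  # placeholder: fill with fingerprints from a trusted advisory
```

On a real host call check_pk(read_pk_from_efivarfs(), UNTRUSTED) with the fingerprints your firmware vendor or a trusted advisory publishes; this page does not list the leaked key's fingerprint, so the placeholder set must be replaced before the check means anything.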
https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/