Blimey....
"Exploits bypass most secure boot solutions from the biggest chip vendors"
Yeah.
Great.
Bloody brilliant. So.... why do we insist on the bloody mess? F' that.
Hundreds of consumer and enterprise devices are potentially vulnerable to bootkit exploits through unsecured BIOS image parsers. Security researchers have identified vulnerabilities in UEFI system firmware from major vendors which they say could allow attackers to hijack poorly maintained image libraries to quietly deliver …
Seriously, what is the point of creating a 'secure' method to bootup a system if that 'secure' method arbitrarily picks up any random shit from a folder and uses it without performing any security checks whatsoever? That is not just a fail, it's a fucking huge fail. And no-one saw this coming?
I was savagely downvoted when I made this observation regarding XP vs Win10/11, but this is the same scenario...
When you have a known insecure platform (BIOS or XP), you know to take measures to secure it. But when you're told "trust us, this is ultra secure, don't ask questions" (UEFI or Win10/11), you're not only lulled but forced to accept their claims - only to eventually realise that they were full of political promises.
Yes, my understanding is that machines starting in legacy BIOS mode - bootsector, etc - aren't affected by this vulnerability.
LogoFAIL, if my reading of this article's correct, relies on a malformed image placed in the root EFI partition on the boot drive. This image is loaded & parsed by the EFI firmware during boot, before the firmware hands over control of the boot process to the OS on its partition.
So if you're not using UEFI boot, and don't have an EFI partition (NB - these are normally hidden), you should be OK.
For most of us using recent machines, the problem is finding something which does not require UEFI to boot. I had an original Zen1 that failed during lockdown. Since I don't normally need a power-hungry graphics card I ended up getting a Zen2 APU - all those that were available require UEFI.
Yes, we are unlikely to be victims of the image loading, but that doesn't mean we can avoid UEFI.
Not as big a problem as this one though.
After the first exploit that took over the system you are now in a position of having to throw it away, rather than re-image it, as you can't be sure that a persistent rootkit is now buried in your UEFI firmware.
You could flash the UEFI firmware using the usual utility, but is the exploit smart enough to negate that and keep itself in there? Out with your JTAG kit...
> If an attacker can get a file into the EFI partition then you've got more problems than dodgy image processing by UEFI.
That's totally trivial. It's a R/W FAT32 partition. If you are lucky something software-based in the OS may try to monitor or write-protect it, but a user merely has to run something as admin to let code modify anything anywhere on a HDD.
It's one of the reasons why I'm against UEFI, it should ALL be in ROM. We have big ROMs these days, why is an unreliable partition needed?
The only firmware should be to load a bunch of bytes off a USB stick and execute them.
The vendors can supply their USB stick installed in the motherboard by default with all their cruddy unnecessary, unreviewed guffware that they want. Folks who don't want the guffware can put their own stick in with whatever pre-boot crap they want (or maybe just a simple locked down bootloader) and optionally superglue the stick in place for extra security. We have USB headers on motherboards already, this is not hard or expensive folks.
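The two comments above describe the same exposure from both sides: the firmware parses whatever image it finds on the EFI System Partition, and that partition is an ordinary FAT32 volume any admin-level process can write to. An added example (not from this thread, and not any vendor's tooling) of the monitoring a defender can run from the OS side is below: it inventories a mounted ESP, identifies image files by their magic bytes, and diffs the result against a trusted baseline of hashes so a freshly dropped BMP/PNG/JPEG/GIF stands out. The mount path, the baseline store and the sample tree built by `build_sample_esp()` are assumptions constructed for a self-contained run.

```python
"""Inventory an EFI System Partition and flag unexpected image files.

Added example, not code from the thread or any vendor. Assumes the ESP is
mounted at a path you pass to inventory_esp() (e.g. /boot/efi on Linux) and
that a baseline of known-good hashes was recorded while the system was
trusted and is stored off the ESP. build_sample_esp() fabricates a tiny tree
so the script runs offline.
"""
import hashlib
import os
import tempfile

# Magic bytes of the image formats UEFI logo parsers commonly handle.
IMAGE_MAGIC = {
    b"BM": "bmp",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}


def classify(path):
    """Return the image type by magic bytes, or None if not a recognised image."""
    with open(path, "rb") as f:
        head = f.read(16)
    for magic, kind in IMAGE_MAGIC.items():
        if head.startswith(magic):
            return kind
    return None


def sha256_file(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def inventory_esp(root):
    """Map each file (relative, forward-slash path) to (sha256, image_kind)."""
    inv = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            inv[rel] = (sha256_file(full), classify(full))
    return inv


def diff_against_baseline(inventory, baseline):
    """Compare a fresh inventory with a trusted baseline {rel_path: sha256}.

    Returns added, modified and removed paths, plus every image file that the
    baseline does not list (the trace a dropped-image attack leaves on disk).
    """
    added = sorted(p for p in inventory if p not in baseline)
    removed = sorted(p for p in baseline if p not in inventory)
    modified = sorted(p for p in inventory
                      if p in baseline and inventory[p][0] != baseline[p])
    unexpected_images = sorted(p for p in added if inventory[p][1] is not None)
    return {"added": added, "modified": modified, "removed": removed,
            "unexpected_images": unexpected_images}


def build_sample_esp():
    """Constructed sample tree: a bootloader, an OEM logo and one extra file."""
    root = tempfile.mkdtemp(prefix="esp-")

    def put(rel, data):
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)

    put("EFI/BOOT/BOOTX64.EFI", b"MZ" + b"\x00" * 62)            # placeholder PE stub
    put("EFI/OEM/logo.bmp", b"BM" + b"\x00" * 30)                 # vendor logo, in baseline
    put("EFI/OEM/splash.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 24)  # not in baseline
    return root


def sample_baseline(root):
    """Baseline as it would have been recorded before the extra file appeared."""
    return {
        "EFI/BOOT/BOOTX64.EFI": sha256_file(os.path.join(root, "EFI/BOOT/BOOTX64.EFI")),
        "EFI/OEM/logo.bmp": sha256_file(os.path.join(root, "EFI/OEM/logo.bmp")),
    }


def run_sample():
    """Build the constructed ESP, diff it against its baseline, return the report."""
    root = build_sample_esp()
    return diff_against_baseline(inventory_esp(root), sample_baseline(root))


if __name__ == "__main__":
    print(run_sample())
```

This is detection, not prevention: as the comment says, anything running as admin can still write to the ESP, so the baseline has to come from a trusted state and live somewhere the same writer cannot reach, and the scan only sees what the OS can see on that partition, not images the firmware may load from its own flash or NVRAM.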
Some modern OSes require UEFI. Ubuntu Core later than 18 requires it, so old hardware is stuck on 18. Wouldn't be surprised if all Ubuntu sw later than 18 requires it too (though ISTR you can legacy boot, but it's a bit like wading through treacle trying to get it to do so). Add that to dropped support for network cards that are not recent, then you need new hardware anyway.
But then if you’re not using a picture then Shirley not vulnerable?
I've always wondered why it's possible to put ANY kind of info into BIOS/UEFI, whether a picture or an update, without requiring physical access to the machine. Make it a button on the motherboard for desktops, or a particular key combination on the built-in keyboard for laptops, that MUST be pushed in order to update the firmware, etc. While it would still be possible to trick some users into doing this, it would drastically cut down on firmware-level malware.
Apple, Microsoft and Intel, the three companies taking the lead on the UEFI specification, managed to con us all into insecure BIOS products that make it far more difficult to service computers. Shame on them, Insyde, Phoenix and AMI for woefully incomplete efforts to make sure these BIOSes are really secure.
Did you ever try to repair a computer with a messed up SSD or hard drive, plus UEFI and BitLocker? It's extremely difficult and only people with a lot of money in their pockets or bank accounts can afford what I charge for a time-consuming service that requires a lot of know-how. Yes, BitLocker is another security feature foisted off on us to enhance computer security. Sometimes, BitLocker is so secure that you can't even access your own data.
Bottom line here is that we have all been sold security with Windows 11 and it comes up far short of how it has to work to be properly secure.
> Did you ever try to repair a computer with a messed up SSD or hard drive, plus UEFI and BitLocker?
YES, oh god, don't remind me!
I had a machine that was not bitlockered but HAD been using Intel fake raid, which all got messed up with macrium reflect images not supporting Intel fake raid and the users also messing up the machine thus requiring me to restore an untested image to the machine rather than having them sort out the driver issues they created.
Ended up with a totally borked UEFI and Windows boot config. Took me most of a day to sort out, as the Windows recovery environment as usual was totally inept and useless, and guides on the web on how to regenerate the Windows boot config on the "newly and manually created in Linux EFI partition" all didn't work as they only worked for specific versions of Windows.
It was a bloody mess of browser tabs and lots of reading and failures. I was very nostalgic about the good old MBR days, with a boot loader installed in the first sector of a drive or partition.
My home systems still use that.
On paper UEFI looks great, but that's on paper. The paper is not what was implemented, by far.