oss-sec mailing list archives
Re: Secure Boot bypass in EDK2 based Virtual Machine firmware
From: Mate Kukri <mate.kukri () canonical com>
Date: Wed, 14 Feb 2024 15:56:15 +0000
In the case of these OVMF/AAVMF images I believe the only other built-in application accessible is the firmware setup utility and boot selector. These obviously provide many capabilities, but require a user present at the console to access, and to the best of my knowledge are not vulnerable to this attack.

For firmware images provided by other vendors or distributors, I have no idea.

On Wed, Feb 14, 2024 at 3:52 PM Yves-Alexis Perez <corsac () debian org> wrote:
> On Wed, Feb 14, 2024 at 03:47:23PM +0000, Mate Kukri wrote:
> > That is correct in the general case, but here the issue comes from the fact that a copy of the Shell was included in the firmware image itself, and as a built-in application was implicitly trusted.
>
> Ah, thanks for the clarification, I didn't know about the implicit trust on "built-in applications". Out of curiosity, are there other such applications, which could be abused?
>
> Regards,
> --
> Yves-Alexis Perez