'PKfail' Secure Boot disaster just went from bad to worse
The Secure Boot vulnerability has been found to reach devices including ATMs, medical devices, and even voting machines.
www.pcworld.com
PKfail Secure Boot bypass remains a significant risk two months later
Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks.
www.bleepingcomputer.com
Secure Boot-neutering PKfail debacle is more prevalent than anyone knew
Keys were marked “DO NOT TRUST.” More devices than previously known used them anyway.
arstechnica.com
The debacle was the result of non-production test platform keys used in hundreds of device models for more than a decade. These cryptographic keys form the root-of-trust anchor between the hardware device and the firmware that runs on it. The test production keys—stamped with phrases such as “DO NOT TRUST” in the certificates—were never intended to be used in production systems. A who's-who list of device makers—including Acer, Dell, Gigabyte, Intel, Supermicro, Aopen, Foremelife, Fujitsu, HP, and Lenovo—used them anyway.
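A defender's first question after reading the above is whether a given machine's Platform Key is one of the untrusted test keys. The check below is an added example, not code from any of the linked articles or from the researchers who reported PKfail: it parses the UEFI `EFI_SIGNATURE_LIST` structure that the `PK` variable is stored in, pulls out each X.509 entry, and flags any certificate whose DER bytes contain the "DO NOT TRUST" marker the article quotes. It assumes the variable is read from Linux `efivarfs` (`/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c`), which prefixes the data with a 4-byte attributes word; the sample certificate bytes and the all-zero owner GUID are constructed stand-ins, not real certificates.

```python
import struct
import uuid

# GUIDs from the UEFI specification identifying the entry type of a signature list.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# Marker string quoted from the untrusted test certificates; subject strings are
# stored as plain ASCII inside the DER encoding, so a byte search finds them.
UNTRUSTED_MARKERS = (b"DO NOT TRUST",)

# efivarfs path of the Platform Key variable on Linux (assumed, not read by the sample run).
PK_EFIVARS_PATH = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"


def read_efivar(path: str, efivarfs: bool = True) -> bytes:
    """Read a UEFI variable; efivarfs files start with a 4-byte attributes word that is stripped."""
    with open(path, "rb") as fh:
        raw = fh.read()
    return raw[4:] if efivarfs else raw


def parse_signature_lists(blob: bytes):
    """Yield (signature_type, owner_guid, signature_data) for every entry in a chain of
    EFI_SIGNATURE_LIST structures (a variable may hold several lists back to back)."""
    offset = 0
    while offset + 28 <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[offset:offset + 16])
        list_size, header_size, sig_size = struct.unpack_from("<III", blob, offset + 16)
        if list_size < 28 or offset + list_size > len(blob) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos = offset + 28 + header_size          # skip the optional per-list header
        end = offset + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])   # EFI_SIGNATURE_DATA.SignatureOwner
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        offset = end


def check_platform_key(blob: bytes) -> dict:
    """Summarise the X.509 entries in a PK variable and flag any carrying an untrusted marker."""
    result = {"x509_entries": 0, "flagged": []}
    for sig_type, owner, data in parse_signature_lists(blob):
        if sig_type != EFI_CERT_X509_GUID:
            continue
        result["x509_entries"] += 1
        for marker in UNTRUSTED_MARKERS:
            if marker in data:
                result["flagged"].append((str(owner), marker.decode()))
    return result


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, data: bytes) -> bytes:
    """Encode a single-entry EFI_SIGNATURE_LIST (used here only to build constructed samples)."""
    sig_size = 16 + len(data)
    return sig_type.bytes_le + struct.pack("<III", 28 + sig_size, 0, sig_size) + owner.bytes_le + data


# Constructed samples: the bytes stand in for DER certificates and are not real certificates.
CONSTRUCTED_OWNER = uuid.UUID(int=0)
SAMPLE_GOOD_PK = build_signature_list(
    EFI_CERT_X509_GUID, CONSTRUCTED_OWNER, b"\x30\x82<constructed DER> CN=Example OEM Production PK")
SAMPLE_BAD_PK = build_signature_list(
    EFI_CERT_X509_GUID, CONSTRUCTED_OWNER, b"\x30\x82<constructed DER> CN=DO NOT TRUST - constructed test PK")


if __name__ == "__main__":
    # On a live Linux system replace the sample with read_efivar(PK_EFIVARS_PATH).
    for name, blob in (("good", SAMPLE_GOOD_PK), ("bad", SAMPLE_BAD_PK)):
        print(name, check_platform_key(blob))
```

A clean result only means the PK does not carry the quoted marker; it says nothing about whether the private half of the key has leaked, so pair the check with the OEM's firmware update list.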