About Secure Boot, I've visited Intel's website and they said:

The feature defines an entirely new interface between operating system and firmware/BIOS. When enabled and fully configured, Secure Boot helps a computer resist attacks and infection from malware.

So, if my firmware and/or BIOS is infected, does this mean that if I type a password (for example, an encryption password for Linux) when Secure Boot is enabled, it won't be recorded by the infected BIOS and/or firmware?

Light
  • Under secure boot, your laptop will refuse to boot if UEFI is tampered with. It will throw you into UEFI recovery to flash last known good image. – defalt Nov 18 '21 at 16:01
  • But @CBHacking states here https://security.stackexchange.com/questions/102554/how-do-rootkits-other-low-level-malware-still-manage-to-load-on-systems-protec that secure boot code can be tampered with, and so there are other scenarios for secure boot failure. Could you explain to me more about how the system knows if the UEFI image is tampered with? – Light Nov 18 '21 at 16:08
  • Your secure boot code should not be tamperable with. Everything else is a design fault of the hardware. Of course, if that code has bugs, that breaks security, and bugs might allow an attacker to do things like somehow making the system boot a modified UEFI. But this is a pretty steep requirement. – Marcus Müller Nov 18 '21 at 16:18
  • @Marcus Thanks for the information. – Light Nov 18 '21 at 16:19
  • @Light it's basically: "If implemented correctly, secure boot protects you from booting firmware that's not signed, but we can't prove it's implemented correctly" – Marcus Müller Nov 18 '21 at 16:20
  • @Marcus I think that answers my question, thanks. – Light Nov 18 '21 at 16:22
