4

After my old PC kicked the bucket I now own my first UEFI board and I am already having trust issues. I utilized Truecrypt's system encryption for years now and really got used to it. My new board has no legacy boot option but supports legacy devices so I was able to install Windows 7 into a MBR partition and encrypt it with Truecrypt.

But the UEFI seems really sophisticated and from what I hear it has a lot of memory available so I would like to know if it potentially compromises encryption used on this computer. I am aware of potential UEFI-malware and that is not what I want to know about.

What I'd like to know is wether UEFI does ANYTHING that would allow a potential attacker with physical access to this PC to decrypt the system or encrypted volumes used with it. Does it create any kind of potentially dangerous logs, does it create memory dumps, store keys created by the AES-NI extension of the CPU?

I would appreciate any kind of advice here!

RainerW
  • 41
  • 2
  • "Trust issues" pretty aptly sums up my objection to UEFI as a concept -- as in, I don't trust either the hardware manufacturers or Microsoft who's insisting on it. – Shadur Jun 20 '15 at 13:05

4 Answers4

1

If you're asking if UEFI add additional attack vectors against TrueCrypt vs. a non-UEFI BIOS, the answer is probably no. Running TrueCrypt on a UEFI-enabled computer with the UEFI code signing turned off is no less secure that a computer without UEFI.

longneck
  • 273
  • 1
  • 8
1

Already before UEFI, infected firmware could do what it wanted, including spying on you. What changed, is that UEFI now has a network stack, making writing payloads much easier.

Also, if you have attackers with physical access, you have already lost.

Community
  • 1
user10008
  • 4,315
  • 21
  • 33
0

If you are asking whether UEFI compromises a PC physical access, or if it creates any kind of potentially dangerous logs requires further clarification. Every PC with Windows 8 or later uses UEFI as part of its licensing requirement. UEFI Secure Boot in Win10 validates programs before execution.If you have to dual boot Win10 and Linux then linux require a digital certificate. Windows Defender checks for validity of certificates, on top of antispyware, bot detection and prevents rootkits with its anti-rootkits software. It does not potentially compromises encryption.

BitsInForce
  • 305
  • 1
  • 10
0

Well... if attacker had physical access, then they'd probably find UEFI easier to hack than BIOS. UEFI is a more complex OS than BIOS was. An attacker could add a background Runtime Service that watched you and phoned home. An attacker could also do that with BIOS, they'd just have to hook interrupts. You can use Intel's CHIPSEC and the UEFItool to dump your ROM and examine it for changes, like any new malware. http://firmwaresecurity.com/2015/07/27/index-to-tool-review-blogs/ Thanks, Lee

Lee Fisher
  • 114
  • 2