Questions tagged [uefi]

Unified Extensible Firmware Interface: The interface between the OS and the hardware, and the place where hardware encryption is performed.

72 questions
27 votes, 4 answers

How Do Rootkits & Other Low-Level Malware Still Manage to Load on Systems Protected by Secure Boot (and TB/MB)?

Let me try asking my question this way... Let's say that I'm an offensive cyber Bad Guy working for a foreign state-sponsored Advanced Persistent Threat unit. My unit is charged with, say, stealing high-value intellectual property from American…
mostlyinformed
19 votes, 3 answers

How secure is Microsoft-mandated UEFI Secure Boot, really?

I've read a few articles recently about the UEFI Secure Boot feature, and how Microsoft will be requiring it to be enabled by default on all Windows 8 certified x86 systems. In theory, it sounds like a good idea - the system will check the boot…
Iszi
18 votes, 2 answers

Can BIOS malware be installed from OS?

Can an OS vulnerability be exploited to install BIOS/UEFI/firmware malware (such as a keylogger)? I know BIOS is a "deeper" level than the OS. I know firmware based keyloggers exist. I know they can be installed by an adversary flashing the BIOS.…
Emma
13 votes, 2 answers

What is the "ThinkPwn" vulnerability and what does it allow attackers to do?

Recently the ThinkPwn firmware vulnerability has been disclosed, with a proof of concept and a quite long explanation. However, can anyone explain in layman's terms (without requiring extensive knowledge on how firmware works) what this allows an…
André Borie
12 votes, 3 answers

How is hibernation supported, on machines with UEFI Secure Boot?

I've been learning about UEFI Secure Boot, which attempts to prevent "bootkits" by locking down the boot process so that only signed bootloaders and kernels can be loaded. Hibernation seems like a major attack vector. Hibernation (also known as…
D.W.
12 votes, 4 answers

My Samsung SSD password is case insensitive, how does this affect Full Disk Encryption?

I have a Samsung Evo 850 SSD, the 500GB model and it's supposed to benefit from Full Disk Encryption (FDE). Once you set a HDD password in the BIOS the FDE is supposed to kick in. However, I was surprised to discover that the password for my HDD is…
Radu Potop
11 votes, 3 answers

What use does a BIOS/EFI password have?

I have become quite a password-obsessed individual. I password-protect my HDDs, my files, and now even the BIOS/EFI on the various systems I own. But I have discovered that if you forget your BIOS password, it is easy (enough) to simply reset…
connor
11 votes, 3 answers

Can a physical attacker compromise a Windows machine with UEFI, secure boot and bitlocker?

Machines such as the MS Surface Pro 3 come with BitLocker encryption and UEFI Secure Boot out of the box. However, the default boot order is network -> usb -> ssd. If an attacker gets physical access to the machine (while it is locked or…
Kevin Lee
9 votes, 2 answers

UEFI Firmware integrity measurement

We know that UEFI measures the OS bootloader image integrity every time we power on our computer if secure boot is enabled. With the growing attacks and discoveries of UEFI vulnerabilities, the following questions arise: I want to know if there's a…
kub0x
7 votes, 1 answer

What does a signed Linux kernel image get me?

On Ubuntu and possibly Debian systems, you can install packages which contain images which are signed by Ubuntu's EFI key. For example, linux-signed-image-generic-lts-trusty is one of these packages. Say I have a fully-encrypted disk and an…
Naftuli Kay
7 votes, 2 answers

Is it possible to make a laptop useless to thieves?

I was robbed... That included my Linux notebook and my company's notebook. Both are encrypted. Mine is encrypted with LVM over LUKS, using a passphrase to unlock the hard drive once the kernel has been started by the UEFI. But Secure Boot was…
Cilyan
7 votes, 8 answers

MacOS Ransomware with EFI Lock

Problem Description: Yesterday my mother called me that she got a message on her iPhone that it was stolen (iCloud Find My Phone). She then had to enter security codes (two-factor authentication) into a text field on her MacBook. I was not there at…
cansik
6 votes, 2 answers

Questions regarding Rakshasa

Regarding Jonathan Brossard's "Hardware Backdooring is Practical" talk at Def Con 20 in 2012: What does the developer mean by "The payload is booted via Networkboot"? How does the bootkit (a modified version of Kon-Boot) infect the connected hard…
6 votes, 1 answer

How does UEFI Secure Boot prevent "evil twin" spoofing attacks?

I've been learning about UEFI Secure Boot. It is designed to prevent malware from infecting the boot process and overwriting the bootloader. It has hardware-level protections to ensure that only a signed, trusted bootloader and OS kernel will be…
D.W.
6 votes, 3 answers

How do I use a TPM to protect my BIOS/EFI from "remote" attacks

I have a work/gaming computer. The work side is an SSD with Linux and the game side is an SSD with Win7 (all security turned off, planning to get viruses and rewipe after every LAN). Only one of the drives is physically plugged in at a time. So long as…
Mikey