Follow
@rysiek@mastodon.technology "*this UEFI implant seems to have been used in the wild since the end of 2016 -- long before UEFI attacks started being publicly described*", uhm hello I'm right here. https://trmm.net/Thunderstrike_31c3/
@th @rysiek Huh .. so the UEFIs own code isn't validated through any key/signature in a burned-in ROM somewhere? I mean, you could get past the entire secure booth process with this type of exploit, right? Can the UEFI firmware be signed/validated, and if not, how would motherboard manufactures/BIOS companies mitigate this attack? Can they?
@djsumdog @rysiek@mastodon.technology CPU features like BootGuard, if correctly used by the OEM, would prevent this sort of attack. Not all vendors have configured it right, and sometimes Intel's reference code has had issues. Two of mine and my notes: https://trmm.net/TOCTOU/ https://trmm.net/Sleep_attack/ and https://trmm.net/Bootguard/
@rysiek@mastodon.technology *technically* I was talking about an *EFI* implant, although even then I was very late to the party