Security News > 2024 > July > PKfail Secure Boot bypass lets attackers install UEFI malware
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware.
As the Binarly Research Team found, affected devices use a test Secure Boot "Master key"-also known as Platform Key-generated by American Megatrends International, which was tagged as "DO NOT TRUST" and that upstream vendors should've replaced with their own securely generated keys.
"This Platform Key, which manages the Secure Boot databases and maintains the chain of trust from firmware to the operating system, is often not replaced by OEMs or device vendors, resulting in devices shipping with untrusted keys," the Binarly Research Team said.
The code contained image signing private keys for 57 MSI products and Intel Boot Guard private keys for another 116 MSI products.
Earlier this year, a private key from American Megatrends International related to the Secure Boot "Master key" was also leaked, affecting various enterprise device manufacturers.
As Binarly explains, successfully exploiting this issue allows threat actors with access to vulnerable devices and the private part of the Platform Key to bypass Secure Boot by manipulating the Key Exchange Key database, the Signature Database, and the Forbidden Signature Database.