• Psythik@lemm.ee
    4 days ago

    Shit like this is why I’m glad that AMD stays on top of BIOS updates. Built my first AMD machine in 2022 and it’s blowing my mind that my motherboard is still being supported 3 years later. (I wanted to switch sooner, but my timing between builds was always bad. Missed out on Kuma, missed out on the Athlon era when they were embarrassing the Pentium 4.) When I was with Intel, I’d be lucky to get one BIOS update, if even that.

    Can’t wait for the end of the AM5 platform in a few years, when I’ll be able to upgrade my 7700X to the latest X3D chip, and practically have a brand new PC all over again.

  • Speiser0@feddit.org
    4 days ago

    What the “How do attackers get in?” part doesn’t mention: What attackers actually need to get in.

    For Boot Hole for example (taken from here: https://access.redhat.com/security/vulnerabilities/grub2bootloader):

    In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access.

    • tias@discuss.tchncs.de
      3 days ago

      Or just leak the signing keys like they did with MSI. That quote describes the theory, but there are tons of shit-for-brains humans that can screw it up. The UEFI attack surface is much bigger than it has any right to be.

      • LOLseas@sh.itjust.works
        8 hours ago

        Oh man, I think you may have given me the clue I needed. On my second MSI X570s Max Edge WiFi board this year, because of what I believed was a UEFI/BIOS rootkit. Strange things keep surviving complete wipes/reinstalls of my OS. Secure Boot disabled/enabled, doesn’t matter. Plagued (among other annoyances) with some 10s sound clips that randomly play, network usage monitor showing I’m downloading half a TB a day, uploading 1/4th of that, etc. ClamAV finding some Unix.Ransomware.eCh0raix process running (first install)…

        Could you have solved my headache? Switch motherboard vendors altogether? Is my board affected? I built this thing less than a year ago, and money is tight. Need to stay on X570 chipset, too much invested in this AM4 build.