• Speiser0@feddit.org · 6 upvotes, 1 downvote · 4 days ago

    What the “How do attackers get in?” part doesn’t mention: what attackers actually need to get in.

    For Boot Hole, for example (taken from here: https://access.redhat.com/security/vulnerabilities/grub2bootloader):

    In order to load an untrusted or modified kernel, an attacker would first need to establish access to the system such as gaining physical access, obtain the ability to alter a pxe-boot network, or have remote access to a networked system with root access.

    • tias@discuss.tchncs.de · 1 upvote · 3 days ago

      Or just leak the signing keys like they did with MSI. That quote describes the theory, but there are tons of shit-for-brains humans that can screw it up. The UEFI attack surface is much bigger than it has any right to be.

      • LOLseas@sh.itjust.works · 1 upvote · edited · 9 hours ago

        Oh man, I think you may have given me the clue I needed. I’m on my second MSI X570s Max Edge WiFi board this year because of what I believed was a UEFI/BIOS rootkit. Strange things keep surviving complete wipes/reinstalls of my OS. Secure Boot disabled/enabled, doesn’t matter. Plagued (among other annoyances) with some 10-second sound clips that randomly play, a network usage monitor showing I’m downloading half a TB a day and uploading a quarter of that, etc. ClamAV found some Unix.Ransomware.eCh0raix process running (first install)…

        Could you have solved my headache? Switch motherboard vendors altogether? Is my board affected? I built this thing less than a year ago, and money is tight. Need to stay on X570 chipset, too much invested in this AM4 build.