logo

PKfail Secure Boot bypass lets attackers install UEFI malware

PKfail

Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware.

As the Binarly Research Team found, affected devices use a test Secure Boot "master key"—also known as Platform Key (PK)—generated by American Megatrends International (AMI), which was tagged as "DO NOT TRUST" and that upstream vendors should've replaced with their own securely generated keys.

"This Platform Key, which manages the Secure Boot databases and maintains the chain of trust from firmware to the operating system, is often not replaced by OEMs or device vendors, resulting in devices shipping with untrusted keys," the Binarly Research Team said.

The UEFI device makers who used untrusted test keys across 813 products include Acer, Aopen, Dell, Formelife, Fujitsu, Gigabyte, HP, Intel, Lenovo, and Supermicro.

Vulnerable Intel firmware
Vulnerable Intel firmware (BleepingComputer)

In May 2023, Binarly discovered a supply chain security incident involving leaked private keys from Intel Boot Guard, impacting multiple vendors. As first reported by BleepingComputer, the Money Message extortion gang leaked MSI source code for firmware used by the company's motherboards.

The code contained image signing private keys for 57 MSI products and Intel Boot Guard private keys for another 116 MSI products.

Earlier this year, a private key from American Megatrends International (AMI) related to the Secure Boot "master key" was also leaked, affecting various enterprise device manufacturers. The impacted devices are still in use, and the key is being used in recently released enterprise devices.

PKfail impact and recommendations

As Binarly explains, successfully exploiting this issue allows threat actors with access to vulnerable devices and the private part of the Platform Key to bypass Secure Boot by manipulating the Key Exchange Key (KEK) database, the Signature Database (db), and the Forbidden Signature Database (dbx).

After compromising the entire security chain, from firmware to the operating system, they can sign malicious code, which allows them to deploy UEFI malware like CosmicStrand and BlackLotus.

"The first firmware vulnerable to PKfail was released back in May 2012, while the latest was released in June 2024. Overall, this makes this supply-chain issue one of the longest-lasting of its kind, spanning over 12 years," Binarly added.

"The list of affected devices, which at the moment contains almost 900 devices, can be found in our BRLY-2024-005 advisory. A closer look at the scan results revealed that our platform extracted and identified 22 unique untrusted keys."

To mitigate PKfail, vendors are advised to generate and manage the Platform Key by following cryptographic key management best practices, such as Hardware Security Modules.

It's also essential to replace any test keys provided by independent BIOS vendors like AMI with their own safely generated keys.

Users should monitor firmware updates issued by device vendors and apply any security patches addressing the PKfail supply-chain issue as soon as possible.

Binarly also published the pk.fail website, which helps users scan firmware binaries for free to find PKfail-vulnerable devices and malicious payloads.


Free security scan for your website