Questions tagged [uefi]
Unified Extensible Firmware Interface: The interface between the OS and the hardware, and the place where hardware encryption is performed.
83 questions
3
votes
1
answer
624
views
Does Secureboot require an EFI password to be effective?
A lot of systems have secureboot but don't require any password to access bios/efi settings, which means you can disable secureboot without authentication.
Additionally, it seems like many Linux ...
- 131
1
vote
1
answer
210
views
Does Bitlocker provide a degree of protection from PKFail?
I have searched online, but have not been able to find anything about this.
I understand the PKFail can compromise the boot process by allowing a signed key to sign malware to insert into the UEFI, ...
- 713
0
votes
1
answer
247
views
Is the ability to use Machine Owner Keys effectively a bypass of SecureBoot security?
SecureBoot uses a PKI path to verify particular signed bootloader binaries before it runs these binaries. This PKI, as far as I understand, is basically owned by Microsoft, meaning that only Microsoft ...
- 607
2
votes
1
answer
344
views
Are there any motherboards / UEFI that support hardware encryption on SED?
I found that Thinkpads have hdd password support, which in terms uses some bizarre password hashing and ends up with 90 bits of entropy, which is again used as ATA security password to SED, which in ...
- 103
1
vote
1
answer
679
views
Why the TPM PCRs does not consider a UEFI settings change? If someone resets CMOS, it's undetected
In my laptop I've set up a bios password when I power on the laptop, and once I enter it the laptop starts my linux distro and decrypts the disk without asking any other password. To do this I've set ...
- 137
2
votes
1
answer
4k
views
What does Secure Boot protect against?
As far as I understand, Secure Boot protects system from running code not signed by a specific vendor(s) during early boot stages.
In order to attempt an attack on the bootloader in the first place, ...
- 123
0
votes
1
answer
172
views
Can I upload files to a certain website to see exactly what code they contain and what they do (heuristics)?
I want to upload files somewhere to see exactly what their behaviour is, but I’m not sure how. One of them is an EFI file. Does anyone know some website or method, like on a virtual machine, to check ...
- 1
0
votes
1
answer
234
views
Successful UEFI secure boot exploitation
Are there any real examples (malware, rootkits, etc.) of exploiting the UEFI secure boot mechanism vulnerabilities such as CVE-2022-21894?
- 3,571
0
votes
1
answer
446
views
If I disable CSM (Compatibility Support Module) in UEFI settings, will it protect me from malware that infected MBR boot sector?
As far as I understand, when in CSM mode, UEFI boots using MBR boot sector (from internal hard drive, external USB Flash drive, etc). And when in non-CSM mode, UEFI ignores whole existence of MBR boot ...
- 115
1
vote
2
answers
1k
views
Can BIOS/UEFI malware pretend that secure boot is enabled?
As the title says, can BIOS/UEFI malware pretend that secure boot is enabled? And if so, is there any point to enabling secure boot on a device that came with it disabled (or that you previously ...
1
vote
2
answers
5k
views
Full disk encryption: Legacy boot mode (MBR) vs. EFI boot mode
FDE tools like VeraCrypt will encrypt the whole system drive when the machine uses legacy boot mode (MBR). But they will only encrypt the system partition if the machine uses EFI boot mode (the EFI ...
- 1,743
4
votes
1
answer
529
views
Would secure boot block GPU if it has modified vbios?
I think that AMD GPUs can be flashed with any modded VBIOS because the GPU doesn't check for firmware signature.
Shouldn't the secure boot be able to check signature of the AMD GPUs modded VBIOS and ...
- 41
3
votes
0
answers
842
views
Secure boot + full disk encryption, should I sign the kernel?
I'm redoing my laptop installation from scratch, and this time I want a full secure boot chain.
Here's what I did so far :
Enroll my own keys in the UEFI firmware
Sign my grub bootloader
Full disk ...
- 130
-1
votes
1
answer
937
views
How can kon-boot run code in UEFI?
I've now googled a lot, but the only information I can find is 'kon-boot hides its code in BIOS memory and changes kernel-code on the fly'...
As far as I understand, UEFI initializes devices and tries ...
- 61
1
vote
3
answers
1k
views
Use old computer to run outward facing VPN server
I need to install a computer in a remote location, so that a specific unique user can remotely connect to it via Wireguard VPN. Performance requirements are very low, but security requirements are ...
- 353