Techly NewsGet the app

Get the latest tech news

Compromising the Secure Boot Process


This isn’t good: On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022.

The encrypted file, however, was protected by a four-character password, a decision that made it trivial for Binarly, and anyone else with even a passing curiosity, to crack the passcode and retrieve the corresponding plain text. The disclosure of the key went largely unnoticed until January 2023, when Binarly researchers found it while investigating a supply-chain incident. These keys were created by AMI, one of the three main providers of software developer kits that device makers use to customize their UEFI firmware so it will run on their specific hardware configurations.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Secure Boot Process

Secure Boot Process

« So You're Thinking About Monetizing Your Blog – Loren's Blog
Kids Online Safety Act passes Senate despite concerns it will harm kids »