Secure Boot bypass in EDK2 based Virtual Machine firmware

Secure Boot bypass in EDK2 based Virtual Machine firmware

Open Source Security [[{„value“:“

Posted by Mate Kukri on Feb 14

Hello,

We have identified a vulnerability resulting from an insecure default
configuration of OVMF/AAVMF
and similar firmware as used in Ubuntu’s edk2 package, the firmware
used by LXD, and potentially other similar software.

Said EDK2 based firmwares implement UEFI Secure Boot functionality but
also contain a copy of the UEFI Shell,
this gives an OS resident attacker (without physical access or
pseudo-physical access) the ability to…
„}]] Read More 

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert