milicent_bystandr,

So, does this affect dual boot systems, if e.g. Windows is compromised, now that malware in the efi partition can compromise the Linux system next time it boots? Yikes!

I suppose in principle malware from one OS can attack the other anyway, even if the other is fully encrypted and/or the first OS doesn’t have drivers for the second’s filesystems: because malware can install said drivers and attack at least the bootloader - though that might have been protected by secure boot if it weren’t for this new exploit?

elscallr (@elscallr@lemmy.world),

It would affect any UEFI based system regardless of OS from one of the affected manufacturers (which is basically all of them).

milicent_bystandr,

But I mean, this attack can go cross-OS? I.e. a successful attack on one OS on the dual boot machine can, via UEFI infect the other OS?

Nyfure,

Yes, it can execute code regardless of OS installed because it persists on the Mainboard and loads before any OS, making it possible to inject code into any OS.

millie,

Aaa! Name thief!

milicent_bystandr,

Don’t worry, I’m just on standby.

buwho,

is it common practice to have a web browser or media player running with elevated permissions? seems like a strange thing to do…

Acters,

Very unlikely unless there is an elevated privilege exploit to use alongside this

Hagarashi8,

I may be wrong, but does it mean that if someone is able to modify my uefi - they would be able to inject virus in booting image?

BellaDonna,

Yes, that is exactly the implication

westyvw,

Is this potentially useful to me? Since it is persistent, can I use it on this motherboard I have over here that insists on using UEFI even if I do not want to?

plinky (@plinky@hexbear.net),

damn 😱

redd (@redd@discuss.tchncs.de),

Don’t panic!

olafurp,

On Linux/Mac you have to use sudo. For sudo you need a password.

This thing will make it very easy to make a rubber ducky though.

HiddenLayer5 (@HiddenLayer5@lemmy.ml), (edited)

Would be pretty easy to pull off if you had hardware access. Just boot from a flash drive and drop the exploit from there.

Even if their OS is full disk encrypted, this can easily inject a backdoor or just keylog the bootup password prompt.

kelvie,

So I don’t get it, I have my entire boot image in a signed EFI binary, the logo is in there as well. I don’t think I’m susceptible to this, right? I don’t think systemd-boot or the kernel reads an unsigned logo file anywhere. (Using secure boot)

clmbmb,

This is way before reaching your bootloader. It’s about the manufacturer logo that’s displayed by UEFI while doing the whole hardware initialization.

kelvie,

That’s… Stored in the EFI partition or changeable in userspace?

clmbmb,

Depending on how the UEFI is configured, a simple copy/paste command, executed either by the malicious image or with physical access, is in many cases all that’s required to place the malicious image into what’s known as the ESP, short for EFI System Partition, a region of the hard drive that stores boot loaders, kernel images, and any device drivers, system utilities, or other data files needed before the main OS loads.

(from the article)
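A defender-side check for the scenario quoted above, added here as an example (it is not code from the thread or from the article): it lists image files present under an ESP mount point, the place the quoted passage says a malicious logo would be dropped, and decodes the firmware's SecureBoot EFI variable so you know whether signature enforcement is on. The default ESP mount `/boot/efi` and the efivarfs path are assumptions; both functions take a path argument so they can be pointed elsewhere.

```shell
#!/bin/sh
# Added example, not from the thread. Two small checks relevant to the
# "drop an image into the ESP" scenario discussed above.

# List every file under the given ESP mount point with a common image
# extension. Firmware logo parsers typically handle BMP/GIF/JPEG/PNG/PCX/TGA,
# and a stock ESP normally contains only .efi loaders and config files, so any
# hit here deserves a look. Default path is an assumption.
esp_image_files() {
    esp="${1:-/boot/efi}"
    find "$esp" -type f \( -iname '*.bmp' -o -iname '*.gif' -o -iname '*.jpg' \
        -o -iname '*.jpeg' -o -iname '*.png' -o -iname '*.pcx' -o -iname '*.tga' \) \
        2>/dev/null | sort
}

# Number of image files found (handy for a one-line health check).
esp_image_count() {
    esp_image_files "$1" | wc -l | tr -d ' '
}

# Decode a SecureBoot efivar file: efivarfs prepends 4 attribute bytes, then
# the variable's single data byte (1 = enabled, 0 = disabled). Prints the
# state and returns non-zero when it cannot be determined.
secure_boot_state() {
    var="${1:-/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c}"
    [ -r "$var" ] || { echo "unknown"; return 1; }
    byte=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' ')
    case "$byte" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unknown"; return 1 ;;
    esac
}
```

Run `esp_image_files` against the real mount as root; an empty result plus `secure_boot_state` reporting `enabled` is the baseline you want to see.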

kelvie,

Right, I know EFI images are stored in the EFI partition, but with secure boot, only signed images can be executed, so they’d need to steal someone’s signing key to do this.

Truck_kun,

I actually am in the market for a new mobo and cpu.

Are there any mobos nowadays that don’t use UEFI? I just want an old traditional style BIOS with a jumper to restore it from a ROM chip if I get any malware, so I can actually trust my hardware.

I did force myself to deal with UEFI for the sake of windows, but gaming has gotten good enough on Linux, I don’t actually need to dual boot windows anymore.

Am I asking too much?

yum13241,

No, and trying to use a pure BIOS system these days is a headache.

You can always just reflash your firmware from a trusted OS via FWUPD.
