Results 1 to 3 of 3

Thread: PKfail - Nasty Secure Boot vulnerability

  1. #1
    Senior Member
    Join Date
    Aug 2006
    Posts
    860
    Thanks
    143
    Thanked
    60 times in 46 posts

    PKfail - Nasty Secure Boot vulnerability

    https://www.pcworld.com/article/2460...-to-worse.html

    https://www.bleepingcomputer.com/new...-months-later/

    https://arstechnica.com/security/202...n-anyone-knew/

    The debacle was the result of non-production test platform keys used in hundreds of device models for more than a decade. These cryptographic keys form the root-of-trust anchor between the hardware device and the firmware that runs on it. The test production keys—stamped with phrases such as “DO NOT TRUST” in the certificates—were never intended to be used in production systems. A who's-who list of device makers—including Acer, Dell, Gigabyte, Intel, Supermicro, Aopen, Foremelife, Fujitsu, HP, and Lenovo—used them anyway.

  2. #2
    Senior Member
    Join Date
    Aug 2006
    Posts
    860
    Thanks
    143
    Thanked
    60 times in 46 posts

    Re: PKfail - Nasty Secure Boot vulnerability

    https://www.gigabyte.com/Support/Security/2208

    Gigabyte is updating their BIOSes.

    From some of the comments on Reddit, Intel seems to be saying, “Meh, whatever, don’t care as we no longer do motherboards"

  3. #3
    Editable... jimbouk's Avatar
    Join Date
    Aug 2005
    Location
    Exeter
    Posts
    3,148
    Thanks
    334
    Thanked
    294 times in 242 posts
    • jimbouk's system
      • Motherboard:
      • Asrock B450M-HDV R4.0
      • CPU:
      • AMD Ryzen 5 3600
      • Memory:
      • Corsair Vengeance LPX 16 GB (2 x 8 GB) DDR4 3200 MHz C16
      • Storage:
      • Sabrent Rocket Q 1TB NVMe PCIe M.2 2280
      • Graphics card(s):
      • PowerColor Radeon RX 6700 XT 12GB Fighter
      • PSU:
      • Seasonic Core Gold GC-650
      • Case:
      • Lian-Li PC-V1100 ATX
      • Operating System:
      • Windows 10 Pro
      • Monitor(s):
      • AOC CU34G2/BK 34" Widescreen
      • Internet:
      • EE FTTP

    Re: PKfail - Nasty Secure Boot vulnerability

    Configuration management is hard, but still... ouch.

  4. Received thanks from:

    Ice Tea (14-10-2024)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •