20 Jan 2025
UEFI and Secure Boot Vulnerabilities Again

New details about CVE-2024-7344, patched during January's Patch Tuesday, raise concerns about the entire UEFI digital signature infrastructure. An unsafe component, reloader.efi, was used in a number of legitimate system maintenance or recovery applications (such as Radix SmartRecovery, Sanfong EZ-back, and a dozen others), which loaded images into memory without checking their digital signatures. bleepingcomputer.com/news/se…

Instead of using the standard LoadImage and StartImage functions, the authors of reloader.efi wrote their own image loader, which executes a payload from a primitively encrypted file, cloak.dat, without analyzing its contents. By replacing cloak.dat, a bootkit can be installed on the system. Even if none of the vulnerable applications are installed on the system and Secure Boot is enabled, an attacker can still achieve their goal by supplying malware with a vulnerable version of reloader.efi. Naturally, this requires local administrator privileges.

The vulnerability was addressed by adding the dangerous versions of reloader.efi to the UEFI revocation list. This is a good step, but it doesn't answer who and how at Microsoft reviews drivers and applications loaded from UEFI, how many vulnerable binaries have yet to be discovered by researchers, and how to fix all this before tens of millions of computers need updates related to the expiration of Microsoft's 2011 UEFI certificates. uefi.org/sites/default/files…

#vulnerabilities #Microsoft #UEFI #PatchTuesday #cybersecurity
1
8
1,445
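The post above says the fix was to add the vulnerable reloader.efi versions to the UEFI revocation list. As an added example (not part of the post, and not code from any vendor), this sketch parses revocation data in the UEFI `EFI_SIGNATURE_LIST` format and checks whether a given image digest is revoked. It assumes the input is raw signature-list data with no variable-attribute or authentication header, and that the Authenticode SHA-256 digest of the image was computed elsewhere; the function names and all sample digests are constructed for illustration.

```python
import hashlib
import struct
import uuid

# EFI_CERT_SHA256_GUID as defined in the UEFI specification
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
# EFI_SIGNATURE_LIST header: type GUID, list size, header size, signature size
LIST_HEADER = struct.Struct("<16sIII")


def revoked_sha256_digests(blob: bytes) -> set[bytes]:
    """Walk concatenated EFI_SIGNATURE_LIST structures, collect SHA-256 entries."""
    digests, offset = set(), 0
    while offset < len(blob):
        if len(blob) - offset < LIST_HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        guid, list_size, hdr_size, sig_size = LIST_HEADER.unpack_from(blob, offset)
        if list_size < LIST_HEADER.size + hdr_size or offset + list_size > len(blob):
            raise ValueError("EFI_SIGNATURE_LIST size out of bounds")
        body = blob[offset + LIST_HEADER.size + hdr_size : offset + list_size]
        if uuid.UUID(bytes_le=guid) == EFI_CERT_SHA256_GUID:
            if sig_size != 16 + 32 or len(body) % sig_size:
                raise ValueError("malformed SHA-256 signature list")
            for i in range(0, len(body), sig_size):
                # EFI_SIGNATURE_DATA: 16-byte owner GUID, then the 32-byte digest
                digests.add(body[i + 16 : i + sig_size])
        offset += list_size  # lists of other types (e.g. X.509) are skipped
    return digests


def is_revoked(image_digest: bytes, blob: bytes) -> bool:
    return image_digest in revoked_sha256_digests(blob)


def build_sha256_list(owner: uuid.UUID, digests: list[bytes]) -> bytes:
    """Build a sample EFI_SIGNATURE_LIST (used only to construct test data)."""
    body = b"".join(owner.bytes_le + d for d in digests)
    size = LIST_HEADER.size + len(body)
    return LIST_HEADER.pack(EFI_CERT_SHA256_GUID.bytes_le, size, 0, 48) + body


# Constructed sample data: digests of placeholder strings, not real revoked binaries
OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")
BAD = hashlib.sha256(b"constructed vulnerable loader").digest()
GOOD = hashlib.sha256(b"constructed clean loader").digest()
SAMPLE_DBX = build_sha256_list(OWNER, [BAD, hashlib.sha256(b"other").digest()])

if __name__ == "__main__":
    print("vulnerable loader revoked:", is_revoked(BAD, SAMPLE_DBX))
    print("clean loader revoked:", is_revoked(GOOD, SAMPLE_DBX))
```

A hash match only shows that the exact listed binary is blocked; a loader build that is not in the list is not caught by this check.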
They say that if you output COFF with ldd you can LoadImage/StartImage it in UEFI, but is that true?
1
2
620
Oh I see, they've used the shell because they literally just construct a string to execute the command and pass that to the shell parser rather than calling LoadImage and StartImage themselves. Amazing. This is the equivalent of binaries that just do stuff like system("mkdir").
1
1
65
19 Mar 2021
An off-the-shelf Ubuntu image can boot from the EFI-compatible firmware fully written in Rust. The image uses shimx64.efi to support UEFI Secure Boot. It requires LoadImage() and StartImage() to load the second-stage bootloader. github.com/retrage/rust-hype…
5
10
I get the feeling that a bootefi command that can boot a .efi in efiboot is wanted. Would it be enough to do LoadImage() → StartImage()?
4
Replying to @mtarral @tklengyel
Thanks to @honorary_bot, you simply have to use UEFI services and call a set of APIs to chainload another EFI application. Here is the relevant code in Bareflank: github.com/Bareflank/hypervi… - LoadImage() - HandleProtocol() - StartImage() 🎉

1
Beautiful, like the presentation of the new trucks @MANTruckBusSA #monthlery #autodrome #startimage
2
4