CISA Issues Guidance on Secure Boot Bypass in UEFI Apps
Multiple vendor-signed UEFI applications have a Secure Boot bypass issue that can allow arbitrary code execution during the early pre-boot phase, before the operating system loads, on systems that trust the affected vendor’s certificate.
The Unified Extensible Firmware Interface (UEFI) standard describes the firmware architecture used to initialize hardware and hand off control to the operating system during system startup. When Secure Boot is enabled, UEFI applications and drivers must be cryptographically signed and verified before execution, and trust for those signatures is managed through firmware databases, including the authorized signature database (DB). Researchers identified UEFI applications and functions including Acer “GRUB2” insmod with Authenticode SHA hash 71DCE405964C67779DB92DBC01F683D6E29075AB and SHA256 file hash 6cc0e9501420ec036f0ad74df2d17f4d6360f26585f265042537b9f8c2780c30; Acer “UEFI shell” mm,dmpstore with Authenticode SHA hashes D275C2DFD884D2B7842C7F861C527A9FFC6E59DD and 42C4923E676A9FD0A93C08631AD7A8244A8F2174 and SHA256 file hashes b0af2158f11535d8458b8497a35e96d5afc76e43825f255d2d6aa2da74bad883 and 0784c30a83bfcc45bf42804e5729323987957f0a104fcb693d0ff10d76d5b42c; and additional “UEFI shell” mm,dmpstore and mm,setvar entries for Acer Emdoor, AMD, ASUS schenker-tech.de(XMG), ECS, Getac, GIGABYTE Maibenben, Toshiba, and Uniwill Maingear schenker-tech.de(XMG), each with the Authenticode SHA hashes and SHA256 file hashes provided in the advisory table. The bypass is described as “Bring Your Own Vulnerable Driver” (BYOVD)-style abuse where a target can trust the vendor certificate, enabling an attacker to exploit these applications to execute unverified code prior to OS initialization.
This vulnerability only affects systems where the specific affected vendor’s certificate is trusted in the UEFI Authorized Signature Database (DB). On such systems, an attacker with administrative privileges or physical access could use the vulnerable application to bypass Secure Boot protections and execute arbitrary code before the operating system loads. Code executed in this early phase can achieve persistent platform compromise, including the ability to load unsigned or malicious kernel components that survive system reboots and operating system reinstallations. Because execution occurs before the operating system and endpoint security products initialize, malicious code may evade detection by standard security controls and endpoint detection and response (EDR) solutions.
Apply the latest firmware and software updates provided by the hardware or software vendor, where updated packages replace vulnerable UEFI applications with corrected versions that incorporate the latest upstream security fixes. Additionally, update and verify the UEFI DBX on affected systems so the vulnerable binaries are revoked and cannot execute during the boot process.
To neutralize the risk, the affected binaries are added to vendor-specific DBX revocation lists to prevent them from executing on the target systems. The advisory attributes research and reporting to Martin Smolar of ESET and states the document was written by Vijay Sarvepalli.