Windows ‘PKfail’ Secure Boot disaster just went from bad to worse

From PC World: A couple of months ago, we reported on the PKfail vulnerability in Secure Boot — a security issue that stems from hardware manufacturers shipping devices with known compromised software.

After digging deeper, the original security researchers have discovered that it’s a much bigger problem than even they had initially guessed.

In case you missed the original story, here’s a quick summary: The code that gets you past Secure Boot encryption (so you can load up software in a pre-boot environment) was leaked on an open repository back in 2022. Despite that being a known issue, manufacturers continued to ship devices with compromised security. In fact, many of them shipped with pre-production warnings like “DO NOT TRUST” still in the firmware.
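The "DO NOT TRUST" wording is embedded in the subject name of the test Platform Key (PK) certificate, so a defender can look for it in the PK variable of a machine's own firmware. The following script is an added example written for this page; it is not code from PC World, Ars Technica or Binarly. It parses the EFI_SIGNATURE_LIST structures that Secure Boot key variables use and reports any X.509 entry whose DER bytes contain the marker. The sample blobs at the bottom are constructed stand-ins, not real certificates; the `SAMPLE_OWNER` GUID is likewise made up.

```python
import struct
import sys
import uuid

# SignatureType GUID that marks X.509 certificate entries in an EFI_SIGNATURE_LIST
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# The string reported as present in the leaked pre-production test keys
UNTRUSTED_MARKER = b"DO NOT TRUST"

# Layout of one EFI_SIGNATURE_LIST header (all little-endian):
#   SignatureType   GUID   16 bytes
#   SignatureListSize   uint32
#   SignatureHeaderSize uint32
#   SignatureSize       uint32 (each entry: 16-byte SignatureOwner GUID + data)
SIG_LIST_HEADER_LEN = 28


def parse_signature_lists(blob):
    """Return [(signature_type, owner_guid, data), ...] for every entry in a
    concatenation of EFI_SIGNATURE_LIST structures (the format of PK/KEK/db)."""
    entries = []
    offset = 0
    while offset + SIG_LIST_HEADER_LEN <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[offset:offset + 16])
        list_size, header_size, sig_size = struct.unpack_from("<III", blob, offset + 16)
        if list_size < SIG_LIST_HEADER_LEN or offset + list_size > len(blob) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % offset)
        pos = offset + SIG_LIST_HEADER_LEN + header_size
        end = offset + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            data = blob[pos + 16:pos + sig_size]
            entries.append((sig_type, owner, data))
            pos += sig_size
        offset = end
    return entries


def find_untrusted_pk(blob):
    """Return the SignatureOwner GUIDs of X.509 entries whose certificate bytes
    carry the test-key marker. An empty list means no marker was found."""
    hits = []
    for sig_type, owner, data in parse_signature_lists(blob):
        # Subject names are stored as PrintableString/UTF8String inside the DER,
        # so a plain byte search is enough to spot the marker.
        if sig_type == EFI_CERT_X509_GUID and UNTRUSTED_MARKER in data:
            hits.append(owner)
    return hits


def load_variable(path, efivars=False):
    """Read a saved PK blob. Files under /sys/firmware/efi/efivars carry a
    4-byte attribute prefix before the EFI_SIGNATURE_LIST data, so skip it."""
    with open(path, "rb") as fh:
        raw = fh.read()
    return raw[4:] if efivars else raw


def build_signature_list(sig_type, owner, data):
    """Build one EFI_SIGNATURE_LIST holding a single entry (used for sample input)."""
    sig_size = 16 + len(data)
    list_size = SIG_LIST_HEADER_LEN + sig_size
    return (sig_type.bytes_le + struct.pack("<III", list_size, 0, sig_size)
            + owner.bytes_le + data)


# Constructed samples: placeholder bytes, not real certificates
SAMPLE_OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")
SAMPLE_TEST_PK = build_signature_list(
    EFI_CERT_X509_GUID, SAMPLE_OWNER, b"\x30\x82DO NOT TRUST - Sample Test PK")
SAMPLE_PROD_PK = build_signature_list(
    EFI_CERT_X509_GUID, SAMPLE_OWNER, b"\x30\x82Sample Vendor Platform Key")


if __name__ == "__main__":
    # Usage: python check_pk.py <pk-blob-file> [--efivars]
    if len(sys.argv) < 2:
        blob = SAMPLE_PROD_PK + SAMPLE_TEST_PK   # demo run on the constructed samples
    else:
        blob = load_variable(sys.argv[1], efivars="--efivars" in sys.argv)
    owners = find_untrusted_pk(blob)
    if owners:
        print("PK contains a test key marked DO NOT TRUST; owner GUIDs:", owners)
    else:
        print("No DO NOT TRUST marker found in PK entries")
```

To obtain the real PK blob: on Windows, `Get-SecureBootUEFI -Name PK` returns an object whose `Bytes` property can be written to a file with `[IO.File]::WriteAllBytes`; on Linux, pass `/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c` together with `--efivars` so the attribute prefix is stripped. A hit means the device still boots under a key whose private half was published, and the remedy is a firmware update from the vendor that replaces the PK, not anything the script can do.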

As Ars Technica reports, Binarly, which originally published the finding, and other security researchers have found many more devices that are susceptible to the PKfail exploit. The list of vulnerable devices has ballooned to almost four times the size reported in the original research, now including almost a thousand individual models of desktops, laptops, and other x86-based hardware.
