this post was submitted on 27 Nov 2024
255 points (95.7% liked)

Technology

59756 readers
2800 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
255
Found in the wild: The world’s first unkillable UEFI bootkit for Linux (arstechnica.com)
submitted 6 days ago by purrtastic@lemmy.nz to c/technology@lemmy.world
39 comments fedilink hide all child comments
 

“Whether a proof of concept or not, Bootkitty marks an interesting move forward in the UEFI threat landscape, breaking the belief about modern UEFI bootkits being Windows-exclusive threats,” ESET researchers wrote. “Even though the current version from VirusTotal does not, at the moment, represent a real threat to the majority of Linux systems, it emphasizes the necessity of being prepared for potential future threats.”

you are viewing a single comment's thread
view the rest of the comments
[–] Illecors@lemmy.cafe 74 points 6 days ago* (last edited 6 days ago) (25 children)

The Bootkitty sample ESET found is unable to override a defense, known as UEFI Secure Boot, that uses cryptographic signatures to ensure that each piece of software loaded during startup is trusted by a computer's manufacturer.

AKA not that big of a deal, yet. An article from another post about this also mentions GRUB explicitly as a requirement as well as PoC using self signed keys, which renders it sort of impossible to abuse.

UKI + your own keys + secure boot is still not broken.

[–] fuckwit_mcbumcrumble@lemmy.dbzer0.com 54 points 6 days ago (15 children)

Unfortunately a lot of people in the Linux world still hate secure boot because they associate it with locking your PC to only running windows. Never mind the fact that basically every big Linux distro plays nicely with secure boot these days, and has for a while now.

[–] Shdwdrgn@mander.xyz 36 points 6 days ago (8 children)

I associate it with the fight I've had every single time I tried to use it. It's never been a smooth process on any server I attempted to use it on. Usually I either run into problems with a system not wanting to properly boot the memory stick even with a full UEFI image flashed to it, or if I do get that to work I go through the whole installation process only to find the system unbootable for whatever reason. Eventually I just give up and do a standard installation because why should I have to work this hard to put an OS on a machine?

[–] 9tr6gyp3@lemmy.world 1 points 6 days ago (1 children)

Check out sbctl

[–] Shdwdrgn@mander.xyz 1 points 6 days ago (1 children)

Shouldn't this all be handled automatically by the Debian installer though? It seems weird that I would ever have to run other tools just to install a brand new system.

[–] 9tr6gyp3@lemmy.world 1 points 5 days ago

Oh yeah Debian has their own documentation for SecureBoot. If thats not working though, check out sbctl.

load more comments (6 replies)
load more comments (12 replies)
load more comments (21 replies)