NSA Lojax guidance incorrectly still says Secure Boot is a mitigation

Re: https://firmwaresecurity.com/2019/01/28/nsa-hardware-and-firmware-security-guidance-updated/

Hmm, the NSA guidance for LoJax appears to be incorrect. It says Secure Boot will mitigate it, but a comment from Nikolaj Schlej (and I thought also a tweet from Yuriy, but I can’t find that) and the later updated research say it does not. Guess I should submit a Pull Request to NSAcyber…

https://github.com/nsacyber/Hardware-and-Firmware-Security-Guidance

“To mitigate LoJax, ensure that UEFI Secure Boot is enabled and functioning. Standard mode is sufficient. Advanced organizations can also utilize custom mode.”

https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/

“Update, 9 October 2018: The remediation section of the white paper contained inaccurate information. Secure Boot doesn’t protect against the UEFI rootkit described in this research. We advise that you keep your UEFI firmware up-to-date and, if possible, have a processor with a hardware root of trust as is the case with Intel processors supporting Intel Boot Guard (from the Haswell family of Intel processors onwards).”
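The two quotes above check different things: the NSA text asks whether Secure Boot is on, while ESET’s correction points at whether the firmware in SPI flash is itself verified (Boot Guard). Secure Boot only verifies images the firmware loads later (bootloaders, option ROMs); a DXE driver written into flash runs before that check exists. The script below, which is an added example and not code from this post, the NSA repository or ESET, reads both signals on a Linux host and refuses to call “Secure Boot on” a mitigation unless Boot Guard verified boot is also active. It assumes the usual efivarfs path for the SecureBoot variable (4 attribute bytes, then one data byte) and the bit layout of Intel MSR 0x13A (BOOT_GUARD_SACM_INFO) as defined in CHIPSEC’s register config; both are labelled as assumptions in the code, and the MSR read needs root plus the msr kernel module.

```python
#!/usr/bin/env python3
"""Distinguish 'Secure Boot enabled' from 'firmware itself is verified'.

Added example, not from the blog post, ESET or the NSA guidance.
Assumptions (the post does not state them):
  - Linux exposes the SecureBoot UEFI variable at SECUREBOOT_EFIVAR;
    bytes 0..3 are the variable attributes, byte 4 is the value (1 = on).
  - Intel MSR 0x13A (BOOT_GUARD_SACM_INFO) reports Boot Guard state; the
    bit positions below follow CHIPSEC's register definition and may not
    hold on every CPU generation. Reading it needs root and the msr module.
"""
import os
import struct

SECUREBOOT_EFIVAR = ("/sys/firmware/efi/efivars/"
                     "SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c")
MSR_BOOT_GUARD_SACM_INFO = 0x13A

# Assumed bit layout of MSR 0x13A (see module docstring).
BTG_BIT_NEM_ENABLED = 0
BTG_BIT_MEASURED_BOOT = 5
BTG_BIT_VERIFIED_BOOT = 6
BTG_BIT_CAPABILITY = 32


def parse_secureboot_var(raw: bytes):
    """Decode the efivarfs blob (4 attribute bytes + 1 data byte).
    Returns True/False, or None if the blob is too short to trust."""
    if len(raw) < 5:
        return None
    return raw[4] == 1


def parse_boot_guard_msr(value: int) -> dict:
    """Decode the BOOT_GUARD_SACM_INFO bits this check cares about."""
    def bit(n):
        return bool((value >> n) & 1)
    return {
        "capable": bit(BTG_BIT_CAPABILITY),
        "verified_boot": bit(BTG_BIT_VERIFIED_BOOT),
        "measured_boot": bit(BTG_BIT_MEASURED_BOOT),
        "nem_enabled": bit(BTG_BIT_NEM_ENABLED),
    }


def assess(secure_boot, boot_guard) -> str:
    """Verdict for a LoJax-style SPI-flash implant.
    secure_boot: True/False/None; boot_guard: dict from parse_boot_guard_msr or None."""
    fw_verified = bool(boot_guard and boot_guard["capable"]
                       and boot_guard["verified_boot"])
    if fw_verified:
        return ("firmware verified by Boot Guard: a DXE driver added to "
                "flash should fail verified boot")
    if secure_boot:
        return ("Secure Boot on, but firmware in SPI flash is not verified: "
                "Secure Boot alone does NOT stop a flash implant")
    return "neither Secure Boot nor Boot Guard verified boot is active"


def read_secureboot_var():
    try:
        with open(SECUREBOOT_EFIVAR, "rb") as f:
            return parse_secureboot_var(f.read())
    except OSError:
        return None  # legacy boot, efivarfs not mounted, or no permission


def read_boot_guard_msr(cpu: int = 0):
    try:
        fd = os.open(f"/dev/cpu/{cpu}/msr", os.O_RDONLY)
    except OSError:
        return None  # not root, msr module not loaded, or no such device
    try:
        raw = os.pread(fd, 8, MSR_BOOT_GUARD_SACM_INFO)  # offset = MSR index
    except OSError:
        return None  # MSR not implemented (non-Intel or pre-Haswell)
    finally:
        os.close(fd)
    return parse_boot_guard_msr(struct.unpack("<Q", raw)[0])


if __name__ == "__main__":
    sb = read_secureboot_var()
    bg = read_boot_guard_msr()
    print("Secure Boot:", sb)
    print("Boot Guard :", bg)
    print("Verdict    :", assess(sb, bg))
```

Run it as root on the target (`sudo modprobe msr` first). A machine reporting Secure Boot on with the Boot Guard capability bit clear is exactly the case the NSA text would pass and ESET’s correction would not; note that the verified-boot bit reflects the profile the OEM fused, so a CPU that supports Boot Guard but was shipped with it unprovisioned is still reported as unverified here.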
