Aidan Khoury of Quarkslab has updated UEFI-Bootkit. Only change to the project in the last year was update to readme, with more info. It is worth reading the USRT review of this bootkit, in the above URL.
UEFI-Bootkit: A small bootkit designed to use zero assembly. Make sure to compile the driver as an EFI Runtime driver (EFI_RUNTIME_DRIVER) or else the bootkit will be freed once winload.efi calls ExitBootServices! Thanks to pyro666, dreamboot, and VisualUEFI.
I just noticed a new UEFI bootkit on Github which I’d never heard of:
“UEFI-Bootkit: A small bootkit designed to use as little ASM as possible. Thanks to pyro666”
I sent a FYI to the UEFI Security group before posting about it to this blog, in the name of responsible disclosure. Dick Wilkins of Phoenix Technologies– and of the UEFI Forum’s Security Response Team (USRT) — replied with his input on the code:
“I just took a quick look at this code in github. It looks like the typical UEFI application that changes the configuration and could cause unexpected things to boot. The unexpected stuff could damage the system and then continue to boot up normally but compromised. This is exactly why Secure Boot was needed. If Secure Boot is disabled (or not implemented), there are many ways to insert code into the boot path and compromise a system. If Secure Boot is enabled, this code and any code like it would not be properly signed and would never run. There is nothing new here. This is why end users must be discouraged from disabling secure boot and running non UEFI Secure Boot aware systems.”