I just noticed a new UEFI bootkit on GitHub which I’d never heard of:

“UEFI-Bootkit: A small bootkit designed to use as little ASM as possible. Thanks to pyro666”


I sent an FYI to the UEFI Security group before posting about it to this blog, in the name of responsible disclosure. Dick Wilkins of Phoenix Technologies, and of the UEFI Forum’s Security Response Team (USRT), replied with his input on the code:

“I just took a quick look at this code in github. It looks like the typical UEFI application that changes the configuration and could cause unexpected things to boot. The unexpected stuff could damage the system and then continue to boot up normally but compromised. This is exactly why Secure Boot was needed. If Secure Boot is disabled (or not implemented), there are many ways to insert code into the boot path and compromise a system. If Secure Boot is enabled, this code and any code like it would not be properly signed and would never run. There is nothing new here. This is why end users must be discouraged from disabling secure boot and running non UEFI Secure Boot aware systems.”
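The point above is that this class of bootkit only runs when Secure Boot is off or the platform is still in Setup Mode. As an added example (my code, not from the post or the bootkit repository), here is a Linux check that parses the `SecureBoot` and `SetupMode` variables from efivarfs, assuming the standard `/sys/firmware/efi/efivars` mount and the EFI global variable GUID; constructed sample bytes are included so it also runs offline.

```python
import os
from typing import Optional, Tuple

# Assumption: efivarfs is mounted at the usual path on a UEFI Linux system.
EFIVARS = "/sys/firmware/efi/efivars"
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"


def parse_efivar(raw: bytes) -> Tuple[int, bytes]:
    """Split an efivarfs file into its 4-byte little-endian attribute header and the data."""
    if len(raw) < 4:
        raise ValueError("efivar shorter than the 4-byte attribute header")
    attrs = int.from_bytes(raw[:4], "little")
    return attrs, raw[4:]


def secure_boot_state(secureboot_raw: bytes, setupmode_raw: bytes) -> dict:
    """Interpret SecureBoot and SetupMode (each carries exactly one data byte, 0 or 1)."""
    _, sb = parse_efivar(secureboot_raw)
    _, sm = parse_efivar(setupmode_raw)
    if len(sb) != 1 or len(sm) != 1:
        raise ValueError("SecureBoot and SetupMode must each carry one data byte")
    enabled = sb[0] == 1
    setup_mode = sm[0] == 1
    # Signature checks are only enforced when Secure Boot is enabled AND the
    # platform is in User Mode (SetupMode == 0); Setup Mode means no enrolled PK.
    return {
        "secure_boot": enabled,
        "setup_mode": setup_mode,
        "enforcing": enabled and not setup_mode,
    }


def read_live_state() -> Optional[dict]:
    """Read both variables from efivarfs; returns None when not on a UEFI Linux host."""
    paths = [os.path.join(EFIVARS, f"{name}-{EFI_GLOBAL_VARIABLE_GUID}")
             for name in ("SecureBoot", "SetupMode")]
    if not all(os.path.exists(p) for p in paths):
        return None
    with open(paths[0], "rb") as sb_file, open(paths[1], "rb") as sm_file:
        return secure_boot_state(sb_file.read(), sm_file.read())


if __name__ == "__main__":
    # Constructed sample bytes: attributes 0x06 (BS|RT) followed by one data byte.
    sample_sb_on = bytes([0x06, 0, 0, 0, 1])
    sample_sm_user = bytes([0x06, 0, 0, 0, 0])
    print("constructed sample:", secure_boot_state(sample_sb_on, sample_sm_user))
    print("live system:", read_live_state())
```

A result with `enforcing` False is the configuration in which unsigned boot-path code such as this bootkit would load.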



UEFI Forum plugfest videos online

The PDFs of the presentations were uploaded earlier; now the videos are online on YouTube.

The presentations are all very interesting. The Microsoft talk gives more background clarifying the story of the leaked “Secure Boot” golden keys. Style points go to that speaker with his ‘golden key’ necklace. 🙂





UEFI Forum publishes plugfest presentation PDFs

Recently the UEFI Forum had a plugfest. They just uploaded the slides of the presentations. I think the videos are expected in a few weeks as well.

UEFI Fall Plugfest – September 20-22, 2016
* Redfish Configuration of UEFI HII Settings – Mike Rothman (Intel) and Samer El Haj Mahmoud (Lenovo)
* Out of Band BIOS Remote Management – Matthew Krysiak (AMI)
* UEFI Forum Update – Dong Wei (HPE)
* Microsoft UEFI Security Updates – Scott Anderson, Suhas Manangi, Nate Nunez, Jeremiah Cox, and Michael Anderson (Microsoft)
* Tianocore 2016 Updates – Tony Mangefeste (Intel)
* UEFI Network and Security Update – Vincent Zimmer (Intel)
* Updated TCG TPM 2.0 Specs – Dick Wilkins (Phoenix Technologies Ltd.)
* ARM Trusted Firmware ARM UEFI SCT Update – Charles Garcia-Tobin (ARM)



UEFI Forum updates PI spec

There’s a bit more to be gleaned from reading the above two Twitter threads.



UEFI plugfest in Seattle next week

(Next week’s plugfest will be the same week Intel is supposed to release their SMM updates.)


I’ll be attending this event, maybe I’ll see a few of you there. 🙂