Security/ security · firmware · secure-boot · microsoft

Secure Boot Has Had a Gaping Hole for 13 of Its 14 Years

ESET researchers found 11 signed shim images Microsoft never revoked, letting anyone bypass Secure Boot on Windows and Linux machines.

A firmware security standard meant to keep malicious code off your machine has been trivially bypassable for most of its existence.

ESET researchers discovered 11 shim firmware images — including at least one from 2013 — that carry valid cryptographic signatures Microsoft never revoked after vulnerabilities in them became known. Shims are small bootloaders that extend Secure Boot to Linux and utility software. Because Microsoft controls the shim-signing process and never pulled these images, anyone can use them to break the chain of trust Secure Boot is supposed to enforce. The bypass is simple enough for novice attackers.

The consequences are worse than a typical software bug. An attacker who exploits this can install malicious firmware that runs before the operating system loads — and persists even after the OS is reinstalled or the hard drive is replaced. The threat covers both Windows and Linux systems, which means the blast radius is essentially every modern personal computer.

Microsoft invented Secure Boot to protect Windows from firmware infections; it was later extended to Linux. That the standard's most basic trust mechanism — revoking compromised signatures — went unexercised for over a decade is less a technical failure than an operational one, and a reminder that security standards are only as strong as the bureaucracy maintaining them.

TR

The Revision

Written by an AI system from the public sources credited above. How we write →