Secure Boot key compromised in 2022 is still in use in over 200 models — an additional 300 use keys marked ‘DO NOT TRUST’

Software security firm Binarly discovered in 2023 that devices from Acer, Dell, Gigabyte, Intel, and Supermicro had compromised Secure Boot. The cryptographic key protecting those models leaked in late 2022 in a public GitHub repository. Anyone who downloaded it could bypass the protection offered by Secure Boot.

Aside from the 2022 leak, Ars Technica also reported that over 300 more models used 21 platform keys marked ‘DO NOT SHIP’ or ‘DO NOT TRUST.’ These 21 keys were provided by American Megatrends, Inc. (AMI) as test keys to motherboard manufacturers for customizing their UEFI firmware. That means nearly all manufacturers that worked with AMI had a copy of these keys, and they’re an open industry secret known to hundreds, if not thousands, of personnel.
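An added example, not taken from Binarly, Ars Technica or the article: a Python check that parses a UEFI Platform Key (PK) variable as an EFI_SIGNATURE_LIST and reports any certificate carrying the 'DO NOT TRUST' or 'DO NOT SHIP' text. It assumes the marking appears as text inside the certificate stored in PK and that PK is read from the standard Linux efivarfs path; `build_list` and its sample certificate bytes are constructed for illustration.

```python
import struct
import uuid

# Marker strings quoted in the article
MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")
# Linux efivarfs path of the PK variable (assumes a Linux host booted via UEFI)
PK_PATH = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
# EFI_CERT_X509_GUID from the UEFI specification, used for the constructed sample
X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

def iter_signatures(blob):
    """Yield (type_guid, owner_guid, data) for every entry in concatenated EFI_SIGNATURE_LISTs."""
    off = 0
    while off + 28 <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or sig_size <= 16 or off + list_size > len(blob):
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % off)
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
            pos += sig_size
        off = end

def find_test_key_markers(blob):
    """Return (owner_guid, marker) for each signature entry containing a marker string."""
    hits = []
    for _type, owner, data in iter_signatures(blob):
        for m in MARKERS:
            # Certificate names are usually ASCII-compatible; BMPString would be UTF-16BE
            if m in data or m.decode().encode("utf-16-be") in data:
                hits.append((str(owner), m.decode()))
    return hits

def check_platform_key(path=PK_PATH):
    """Read PK from efivarfs; the first 4 bytes are variable attributes, not data."""
    with open(path, "rb") as f:
        return find_test_key_markers(f.read()[4:])

def build_list(cert_bytes, owner=uuid.UUID(int=0)):
    """Constructed sample: wrap arbitrary bytes as a one-entry X.509 signature list."""
    sig = owner.bytes_le + cert_bytes
    return X509_GUID.bytes_le + struct.pack("<III", 28 + len(sig), 0, len(sig)) + sig

if __name__ == "__main__":
    print(find_test_key_markers(build_list(b"CN=DO NOT TRUST - constructed sample")))
```

On a real machine, `check_platform_key()` typically needs read access to efivarfs; an empty list means no marker string was found, not that the key is otherwise sound.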