These attacks can be particularly pernicious because infections hide inside the firmware that runs at an early stage, before even Windows or Linux has loaded.
Secure Boot verifies that each firmware component is digitally signed before it's allowed to run, creating a chain-of-trust linking each file that gets loaded.
Last year, researcher Martin Smolár noticed something curious about SysReturn; buried deep inside was an XOR-encoded UEFI application named reloader.efi, which was digitally signed.
Reloader.efi used a custom PE loader rather than using the Secure Boot process, highlighting a significant loophole in the security framework.
Collection
[
|
...
]