Boot Guard private keys were found exposed within firmware update packages, potentially allowing attackers to bypass critical security protections in affected devices. Researchers at Binarly Research have uncovered that private cryptographic keys used in Intel’s Boot Guard security technology were inadvertently exposed in firmware update packages for Clevo-based devices.

The discovery, initially reported on the Win-Raid forum in late February 2025, represents a significant security breach that could allow attackers to bypass firmware validation mechanisms and potentially install malicious code at the UEFI firmware level. Using their Transparency Platform, researchers identified 15 firmware images containing the exposed keys, affecting 10 unique devices from manufacturers including Gigabyte and XPG.

Technical analysis verified that these keys match the key modules stored in the Boot Guard Key Manifest (KM) and Boot Policy Manifest (BPM) used in Clevo firmware images. “This means that these keys can be used to sign a malicious firmware image that will pass validation at runtime, effectively bypassing Boot Guard,” researchers said. When private keys are compromised, malicious actors could theoretically craft unauthorized firmware that would still pass security checks.

Security experts recommend that affected manufacturers issue firmware updates that use newly generated cryptographic keys, though this process is complex and requires coordination with Intel and affected system vendors. Similar incidents have occurred previously, as when the HardenedLinux team demonstrated how Boot Guard keys leaked during the MSI data breach could be exploited to bypass security measures on MSI devices. Users of affected devices should apply any security updates provided by manufacturers promptly, though the fundamental vulnerability may persist until hardware replacement occurs in some cases.
As the UEFI ecosystem becomes increasingly complex, with original design manufacturers (ODMs) like Clevo supplying hardware to multiple vendors, a single security lapse can have far-reaching consequences. Boot Guard is an Intel technology designed to protect systems against firmware-level attacks by cryptographically verifying firmware integrity during the boot process.
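To make concrete why a leaked BPM or KM key defeats the verification described above, here is an added illustration (not code from Binarly, Intel or any vendor) that models the Boot Guard chain of trust in Go: a fused root-key hash anchors the Key Manifest, the KM binds the BPM signing key, and the BPM carries the digest of the boot block. The manifest layouts, the key fingerprint scheme, the RSA/PKCS#1 signing and the denylist are all simplifications assumed for the example; the point is that the runtime check cannot distinguish a genuine signer from anyone holding the leaked private key, so a firmware scanner needs a separate check against known-exposed key fingerprints, which is what the final function shows.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// KeyManifest (KM) binds the fingerprint of the BPM signing key and is signed by the
// OEM root key whose fingerprint is fused into the platform. BootPolicyManifest (BPM)
// carries the digest of the Initial Boot Block (IBB) and is signed by the BPM key.
// Both are simplified models for this example, not the real manifest layouts.
type KeyManifest struct {
	BPMKeyHash [32]byte
	Sig        []byte
}

type BootPolicyManifest struct {
	IBBDigest [32]byte
	Sig       []byte
}

// keyFingerprint stands in for the key hash Boot Guard stores and compares (assumed scheme).
func keyFingerprint(pub *rsa.PublicKey) [32]byte {
	return sha256.Sum256(pub.N.Bytes())
}

func sign(priv *rsa.PrivateKey, body []byte) []byte {
	d := sha256.Sum256(body)
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
	if err != nil {
		panic(err)
	}
	return sig
}

func verify(pub *rsa.PublicKey, body []byte, sig []byte) bool {
	d := sha256.Sum256(body)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

// BuildManifests is what a legitimate firmware build does: the OEM key signs the KM,
// and the BPM key signs the BPM over the IBB digest.
func BuildManifests(oem, bpmKey *rsa.PrivateKey, ibb []byte) (KeyManifest, BootPolicyManifest) {
	km := KeyManifest{BPMKeyHash: keyFingerprint(&bpmKey.PublicKey)}
	km.Sig = sign(oem, km.BPMKeyHash[:])
	bpm := BootPolicyManifest{IBBDigest: sha256.Sum256(ibb)}
	bpm.Sig = sign(bpmKey, bpm.IBBDigest[:])
	return km, bpm
}

// VerifyBoot models the runtime check: fused root hash -> KM -> BPM -> IBB digest.
func VerifyBoot(fusedRoot [32]byte, oemPub, bpmPub *rsa.PublicKey, km KeyManifest, bpm BootPolicyManifest, ibb []byte) bool {
	if keyFingerprint(oemPub) != fusedRoot {
		return false
	}
	if !verify(oemPub, km.BPMKeyHash[:], km.Sig) {
		return false
	}
	if keyFingerprint(bpmPub) != km.BPMKeyHash {
		return false
	}
	if !verify(bpmPub, bpm.IBBDigest[:], bpm.Sig) {
		return false
	}
	return sha256.Sum256(ibb) == bpm.IBBDigest
}

// IsCompromisedKey is the extra check a firmware scanner applies: the boot-time
// verifier cannot tell a leaked key from a good one, so the key fingerprint is
// compared against a denylist of fingerprints known to be exposed.
func IsCompromisedKey(pub *rsa.PublicKey, denylist map[string]bool) bool {
	fp := keyFingerprint(pub)
	return denylist[hex.EncodeToString(fp[:])]
}

// Demo runs the scenario with freshly generated keys and returns: genuine image passes,
// tampered image fails, tampered image re-signed with the leaked BPM key passes,
// and the scanner flags that key.
func Demo() (genuineOK, tamperedOK, resignedOK, flagged bool) {
	oem, _ := rsa.GenerateKey(rand.Reader, 2048)
	bpmKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	fusedRoot := keyFingerprint(&oem.PublicKey)
	ibb := []byte("constructed IBB: vendor boot block v1")
	km, bpm := BuildManifests(oem, bpmKey, ibb)
	genuineOK = VerifyBoot(fusedRoot, &oem.PublicKey, &bpmKey.PublicKey, km, bpm, ibb)

	evil := []byte("constructed IBB: modified boot block")
	tamperedOK = VerifyBoot(fusedRoot, &oem.PublicKey, &bpmKey.PublicKey, km, bpm, evil)

	// With the BPM private key exposed, a BPM that chains correctly can be produced for any IBB.
	bpm2 := BootPolicyManifest{IBBDigest: sha256.Sum256(evil)}
	bpm2.Sig = sign(bpmKey, bpm2.IBBDigest[:])
	resignedOK = VerifyBoot(fusedRoot, &oem.PublicKey, &bpmKey.PublicKey, km, bpm2, evil)

	// Constructed denylist entry standing in for fingerprints published for exposed keys.
	fp := keyFingerprint(&bpmKey.PublicKey)
	denylist := map[string]bool{hex.EncodeToString(fp[:]): true}
	flagged = IsCompromisedKey(&bpmKey.PublicKey, denylist)
	return
}

func main() {
	g, t, r, f := Demo()
	fmt.Printf("genuine=%v tampered=%v resigned-with-leaked-key=%v flagged=%v\n", g, t, r, f)
}
```

The expected run prints genuine=true, tampered=false, resigned-with-leaked-key=true, flagged=true: the third value is the bypass the researchers describe, and the fourth is the only place a leaked key becomes visible, which is why key fingerprint inventories matter for incident response and why re-keying, rather than a patch to the verifier, is the fix.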
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 26 Mar 2025 12:55:13 +0000