"UEFI: 5 Recommendations for Securing and Restoring Trust"

Despite declining overall computer sales in 2022, 286.2 million Windows-based PCs were sold. Each computer was released with firmware based on the Unified Extensible Firmware Interface (UEFI), an alternative to the Basic Input/Output System (BIOS) that provides an extensible intersection between hardware and the operating system. The UEFI standard also identifies reliable methods for updating this firmware from the operating system. Most users are unaware of this piece of software, but it is on attackers' radar. The "BlackLotus" attack exposed a bootkit, an advanced form of malicious software that is difficult to detect or remove. Microsoft and other vendors are still struggling to detect this bootkit reliably or protect even completely patched machines against this attack. Soon after that attack, another one involving a leak of sensitive information, including private keys from multiple PC manufacturers, occurred. These private keys, typically used to cryptographically sign UEFI-based software, could be used to create malicious software capable of achieving high-privileged access to the CPU. The bootkits plant malicious code into highly trusted software that is critical for these devices' normal operation. Vijay S. Sarvepalli, a senior security solutions architect with the Carnegie Mellon Software Engineering Institute's (SEI) CERT Division, further expands on the concerns raised by these attacks as well as highlights recommendations to secure the UEFI ecosystem and restore trust in this firmware. This article continues to discuss recommendations to secure the UEFI ecosystem and restore trust.

SEI reports "UEFI: 5 Recommendations for Securing and Restoring Trust"