• kelvie
    ↑ 7 · 1 year ago

    So I don’t get it, I have my entire boot image in a signed EFI binary, the logo is in there as well. I don’t think I’m susceptible to this, right? I don’t think systemd-boot or the kernel reads an unsigned logo file anywhere. (Using secure boot)

    • calm.like.a.bomb@lemmy.dbzer0.com
      ↑ 13 · 1 year ago

      This is way before reaching your bootloader. It’s about the manufacturer logo that’s displayed by UEFI while doing the whole hardware initialization.

      • kelvie
        ↑ 6 · 1 year ago

        That’s… Stored in the EFI partition or changeable in userspace?

        • calm.like.a.bomb@lemmy.dbzer0.com
          ↑ 2 · ↓ 1 · 1 year ago

          Depending on how the UEFI is configured, a simple copy/paste command, executed either by the malicious image or with physical access, is in many cases all that’s required to place the malicious image into what’s known as the ESP, short for EFI System Partition, a region of the hard drive that stores boot loaders, kernel images, and any device drivers, system utilities, or other data files needed before the main OS loads.

          (from the article)

          • kelvie
            ↑ 1 · 1 year ago

            Right, I know EFI images are stored in the EFI partition, but with secure boot, only signed images can be executed, so they’d need to steal someone’s signing key to do this.
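
A defender-side check for the scenario in the article passage quoted above (an image file copied onto the ESP), added here as an example that is not part of the thread or the article: it inventories files on a mounted ESP whose leading bytes identify an image, whatever their extension, and diffs the result against an earlier scan. The mount point argument, the signature table and the baseline JSON file are assumptions of this example.

```python
#!/usr/bin/env python3
"""Inventory image files on a mounted EFI System Partition (added example)."""
import hashlib
import json
import sys
from pathlib import Path

# Leading bytes of common image formats. This set is an assumption of the
# example, not a list taken from the article; "BM" is short, so expect some noise.
MAGIC = {
    b"BM": "bmp",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\xff\xd8\xff": "jpeg",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

def sniff(path):
    """Return the image type implied by the file's first bytes, or None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return None

def scan_esp(root):
    """Map relative path -> {type, size, sha256} for every image under root."""
    found = {}
    for path in sorted(Path(root).rglob("*")):
        kind = sniff(path) if path.is_file() else None
        if kind:
            data = path.read_bytes()
            found[path.relative_to(root).as_posix()] = {
                "type": kind, "size": len(data),
                "sha256": hashlib.sha256(data).hexdigest()}
    return found

def diff_baseline(baseline, current):
    """Return (added, changed, removed) image paths between two scans."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(current) & set(baseline)
                     if current[p]["sha256"] != baseline[p]["sha256"])
    return added, changed, removed

if __name__ == "__main__":
    # Usage: esp_images.py <ESP mount point> [baseline.json]
    now = scan_esp(sys.argv[1])
    if len(sys.argv) > 2:
        old = json.loads(Path(sys.argv[2]).read_text())
        print(dict(zip(("added", "changed", "removed"), diff_baseline(old, now))))
    else:
        print(json.dumps(now, indent=2))
```

Run once on a known-good system and keep the JSON output as the baseline; an added or changed entry on a later run is a lead to investigate, not proof of tampering.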