Rather important security alert


Postby GrahamPlatt » December 8th, 2023, 5:14 pm

LogoFail. All UEFI based systems vulnerable.
I don’t know how the malicious actors are going to get their version of the OS vendor's Logo onto your system in the first place, mind.

https://arstechnica.com/security/2023/1 ... re-attack/


Postby UncleEbenezer » December 8th, 2023, 8:26 pm

GrahamPlatt wrote: I don’t know how the malicious actors are going to get their version of the OS vendor's Logo onto your system in the first place, mind.

US lawful intercept legislation?

As (IIRC) revealed in connection with thrangrycat (but buried under the much bigger shock revelation of Pegasus the same day), the spooks have the right to get their hands on your hardware before you do, at least if you are in the US or your supplier values its business there. Though that was specifically routers.


Postby Infrasonic » December 9th, 2023, 9:12 am

https://www.coreboot.org/users.html

Security
coreboot comes with a minimal Trusted Computing Base which reduces the general attack surface. It also supports a secure boot process called VBOOT2. It’s written in MISRA-C standard and provides other languages like Ada for formal verification of special properties. Also the use of platform features like IOMMU, flash protections and deactivated SMM mode increases the security as well.
Cont.

Be interesting to see if Coreboot and its variants are resistant to this firmware issue...


Postby Urbandreamer » December 9th, 2023, 4:58 pm

Infrasonic wrote: https://www.coreboot.org/users.html

Security
coreboot comes with a minimal Trusted Computing Base which reduces the general attack surface. It also supports a secure boot process called VBOOT2. It’s written in MISRA-C standard and provides other languages like Ada for formal verification of special properties. Also the use of platform features like IOMMU, flash protections and deactivated SMM mode increases the security as well.
Cont.

Be interesting to see if Coreboot and its variants are resistant to this firmware issue...


Looking into the details, it's likely that Coreboot et al. would be resistant.

In essence the exploit entails replacing a customizable graphical image with one that overflows the buffer.
Move to firmware where the image is embedded or size checked and the exploit won't work.

https://palantetech.coop/blog/palante-s ... y-logofail
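
Added example, not part of any post in this thread and not code from coreboot or any firmware vendor: the kind of size check described in the post above, written in C as a validator that compares a BMP logo's declared dimensions with the buffer that actually holds it before any pixel is copied. The names `logo_check` and `logo_sample`, the limits `LOGO_MAX_W`/`LOGO_MAX_H` and the restriction to uncompressed 24-bit BMP are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy limits for a boot logo (illustrative values). */
#define LOGO_MAX_W 1920u
#define LOGO_MAX_H 1200u
enum logo_status { LOGO_OK, LOGO_TRUNCATED, LOGO_BAD_MAGIC,
                   LOGO_BAD_FORMAT, LOGO_TOO_LARGE, LOGO_OUT_OF_BOUNDS };

static uint32_t rd32(const uint8_t *p) {  /* little-endian, alignment-safe */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Check an uncompressed 24-bit BMP in buf[0..len) before any pixel is copied.
 * On LOGO_OK, *need is the decode buffer size the caller must allocate. */
enum logo_status logo_check(const uint8_t *buf, size_t len, size_t *need) {
    if (!buf || len < 54) return LOGO_TRUNCATED;   /* 14 + 40 header bytes */
    if (buf[0] != 'B' || buf[1] != 'M') return LOGO_BAD_MAGIC;
    uint32_t off = rd32(buf + 10), dib = rd32(buf + 14);
    uint32_t w = rd32(buf + 18), h = rd32(buf + 22);  /* negative height reads as huge */
    uint32_t bpp = (uint32_t)buf[28] | (uint32_t)buf[29] << 8;
    if (dib != 40 || bpp != 24 || rd32(buf + 30) != 0) return LOGO_BAD_FORMAT;
    if (!w || !h || w > LOGO_MAX_W || h > LOGO_MAX_H) return LOGO_TOO_LARGE;
    /* Rows pad to 4 bytes; w and h are bounded, so 64-bit products cannot wrap. */
    uint64_t stride = ((uint64_t)w * 3 + 3) & ~(uint64_t)3;
    if (off < 54 || off > len || stride * h > len - off) return LOGO_OUT_OF_BOUNDS;
    if (need) *need = (size_t)w * h * 4;            /* 32-bit output pixels */
    return LOGO_OK;
}

/* Constructed sample: header for a w x h image in a zeroed buffer (cap >= 54). */
void logo_sample(uint8_t *b, size_t cap, uint32_t w, uint32_t h) {
    memset(b, 0, cap);
    b[0] = 'B'; b[1] = 'M'; b[10] = 54; b[14] = 40; b[26] = 1; b[28] = 24;
    for (int i = 0; i < 4; i++) {
        b[18 + i] = (uint8_t)(w >> (8 * i)); b[22 + i] = (uint8_t)(h >> (8 * i));
    }
}

int main(void) {
    uint8_t img[54 + 16];
    logo_sample(img, sizeof img, 2, 2);           /* 2 rows of 8 bytes: fits */
    printf("2x2 -> %d\n", logo_check(img, sizeof img, NULL));
    logo_sample(img, sizeof img, 2, 0xFFFFFFFFu); /* declared height lies */
    printf("bad -> %d\n", logo_check(img, sizeof img, NULL));
    return 0;
}
```

The point of the ordering is that every value read from the file is bounded before it is used in arithmetic, and the decode buffer size is derived from the validated dimensions rather than trusted from the header.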


Postby chas49 » December 9th, 2023, 9:27 pm

I don't profess to understand a lot of the detail here, but this quote from the article seemed a bit glib:

The best way to prevent LogoFAIL attacks is to install the UEFI security updates that are being released as part of Wednesday’s coordinated disclosure process. Those patches will be distributed by the manufacturer of the device or the motherboard running inside the device.


Given that the way in which this vulnerability could be exploited is by installing a fake firmware update, this places a lot of trust in making sure you are getting your firmware update from the right place (or that they haven't been compromised).


Postby UncleEbenezer » December 10th, 2023, 12:28 am

chas49 wrote: I don't profess to understand a lot of the detail here, but this quote from the article seemed a bit glib:

The best way to prevent LogoFAIL attacks is to install the UEFI security updates that are being released as part of Wednesday’s coordinated disclosure process. Those patches will be distributed by the manufacturer of the device or the motherboard running inside the device.


Given that the way in which this vulnerability could be exploited is by installing a fake firmware update, this places a lot of trust in making sure you are getting your firmware update from the right place (or that they haven't been compromised).

If your system installs *any* updates that aren't cryptographically signed by a fully trusted source, you're asking for trouble.

