
Rather important security alert

Posted: December 8th, 2023, 5:14 pm
by GrahamPlatt
LogoFail. All UEFI-based systems vulnerable.
I don’t know how the malicious actors are going to get their version of the OS vendor's logo onto your system in the first place, mind.

https://arstechnica.com/security/2023/1 ... re-attack/

Re: Rather important security alert

Posted: December 8th, 2023, 8:26 pm
by UncleEbenezer
GrahamPlatt wrote: I don’t know how the malicious actors are going to get their version of the OS vendor's logo onto your system in the first place, mind.

US lawful intercept legislation?

As (IIRC) revealed in connection with Thrangrycat (but buried under the much bigger shock revelation of Pegasus the same day), the spooks have the right to get their hands on your hardware before you do, at least if you are in the US or your supplier values its business there. Though that was specifically routers.

Re: Rather important security alert

Posted: December 9th, 2023, 9:12 am
by Infrasonic
https://www.coreboot.org/users.html

Security
coreboot comes with a minimal Trusted Computing Base which reduces the general attack surface. It also supports a secure boot process called VBOOT2. It’s written in MISRA-C standard and provides other languages like Ada for formal verification of special properties. Also the use of platform features like IOMMU, flash protections and deactivated SMM mode increases the security as well.
Cont.

Be interesting to see if Coreboot and its variants are resistant to this firmware issue...

Re: Rather important security alert

Posted: December 9th, 2023, 4:58 pm
by Urbandreamer
Infrasonic wrote: https://www.coreboot.org/users.html

Security
coreboot comes with a minimal Trusted Computing Base which reduces the general attack surface. It also supports a secure boot process called VBOOT2. It’s written in MISRA-C standard and provides other languages like Ada for formal verification of special properties. Also the use of platform features like IOMMU, flash protections and deactivated SMM mode increases the security as well.
Cont.

Be interesting to see if Coreboot and its variants are resistant to this firmware issue...


Looking into the details, it's likely that Coreboot et al. would be resistant.

In essence the exploit entails replacing a customizable graphical image with one that overflows the buffer.
Move to firmware where the image is embedded or size checked and the exploit won't work.

https://palantetech.coop/blog/palante-s ... y-logofail
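The size check mentioned in the post above, sketched as an added example (not code from this thread, the linked articles or any vendor firmware). It assumes an uncompressed 24-bit BMP with a 40-byte info header; `logo_check`, `demo_check` and `dst_cap` are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define HDR_LEN 54u  /* 14-byte file header + 40-byte BITMAPINFOHEADER */
enum { LOGO_OK = 0, LOGO_BAD_HEADER = -1, LOGO_TOO_BIG = -2, LOGO_TRUNCATED = -3 };

static uint32_t rd32(const uint8_t *p) {  /* little-endian read, no alignment assumptions */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate the header before any pixel is copied.
 * dst_cap: size in bytes of the (hypothetical) destination buffer, 4 bytes per pixel. */
int logo_check(const uint8_t *buf, size_t len, size_t dst_cap) {
    if (len < HDR_LEN || buf[0] != 'B' || buf[1] != 'M') return LOGO_BAD_HEADER;
    uint32_t off = rd32(buf + 10);                    /* start of pixel data */
    uint32_t w = rd32(buf + 18), h = rd32(buf + 22);  /* signed fields read as raw bits */
    uint16_t bpp = (uint16_t)(buf[28] | buf[29] << 8);
    if (rd32(buf + 14) != 40 || bpp != 24 || rd32(buf + 30) != 0) return LOGO_BAD_HEADER;
    if (off < HDR_LEN || off > len) return LOGO_BAD_HEADER;
    if (w == 0 || h == 0 || w > INT32_MAX || h > INT32_MAX) return LOGO_BAD_HEADER;
    uint64_t stride = ((uint64_t)w * 3u + 3u) & ~(uint64_t)3;  /* rows padded to 4 bytes */
    uint64_t need_src = stride * h;           /* 64-bit maths: cannot wrap for 31-bit w, h */
    uint64_t need_dst = (uint64_t)w * h * 4u;
    if (need_dst > dst_cap) return LOGO_TOO_BIG;       /* would overflow the destination */
    if (need_src > len - off) return LOGO_TRUNCATED;   /* would read past the file */
    return LOGO_OK;
}

/* Constructed sample: a zero-filled BMP of file_len bytes whose header claims w x h pixels. */
int demo_check(uint32_t w, uint32_t h, size_t file_len, size_t dst_cap) {
    static uint8_t file[4096];
    if (file_len > sizeof file) return LOGO_BAD_HEADER;
    memset(file, 0, sizeof file);
    file[0] = 'B'; file[1] = 'M';
    file[10] = HDR_LEN; file[14] = 40; file[26] = 1; file[28] = 24;
    for (int i = 0; i < 4; i++) { file[18 + i] = (uint8_t)(w >> (8 * i)); file[22 + i] = (uint8_t)(h >> (8 * i)); }
    return logo_check(file, file_len, dst_cap);
}

int main(void) {
    printf("16x16 logo, exact fit: %d\n", demo_check(16, 16, 822, 1024));
    printf("65536x65536 claimed:   %d\n", demo_check(0x10000, 0x10000, 822, 1024));
    return 0;
}
```

The 65536x65536 case is the one a 32-bit `w * h * 4` would wrap to zero and wave through, which is why the sizes are computed in 64 bits.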

Re: Rather important security alert

Posted: December 9th, 2023, 9:27 pm
by chas49
I don't profess to understand a lot of the detail here, but this quote from the article seemed a bit glib:

The best way to prevent LogoFAIL attacks is to install the UEFI security updates that are being released as part of Wednesday’s coordinated disclosure process. Those patches will be distributed by the manufacturer of the device or the motherboard running inside the device.


Given that the way in which this vulnerability could be exploited is by installing a fake firmware update, this places a lot of trust in making sure you are getting your firmware update from the right place (or that they haven't been compromised).

Re: Rather important security alert

Posted: December 10th, 2023, 12:28 am
by UncleEbenezer
chas49 wrote: I don't profess to understand a lot of the detail here, but this quote from the article seemed a bit glib:

The best way to prevent LogoFAIL attacks is to install the UEFI security updates that are being released as part of Wednesday’s coordinated disclosure process. Those patches will be distributed by the manufacturer of the device or the motherboard running inside the device.


Given that the way in which this vulnerability could be exploited is by installing a fake firmware update, this places a lot of trust in making sure you are getting your firmware update from the right place (or that they haven't been compromised).

If your system installs *any* updates that aren't cryptographically signed by a fully trusted source, you're asking for trouble.