Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security

This page summarizes the projects mentioned and recommended in the original post on news.ycombinator.com

    https://github.com/binarly-io/SupplyChainAttacks/blob/main/M...

  • fiedka

    a visual toolkit for exploring and editing firmware images, running on web platforms

  • Maybe someone could add key manifest inspection to this OSS tool, https://fiedka.app.

    Hopefully Intel and OEMs will make official statements soon.

    If you're copying a firmware file from the OEM's website to Binarly's website, then receiving a text report, they would have an IP address, browser fingerprint and device model number, but little else.

  • sbctl

    :computer: :lock: :key: Secure Boot key manager

  • The question is whether you have any UEFI drivers or not. If they're in the ESP you can just look there to check, but UEFI drivers can also be loaded from PCI cards or baked in the firmware itself.

    If you're using a TPM for Secure Boot, you can use the command in https://github.com/Foxboron/sbctl/wiki/FAQ#option-rom to know for sure.