Home  >  Article  >  Hardware Tutorial  >  Exposure of encryption keys causes secure boot to fail, affecting nearly 500 models of devices from Dell, Acer, Lenovo, etc.

Exposure of encryption keys causes secure boot to fail, affecting nearly 500 models of devices from Dell, Acer, Lenovo, etc.

王林
王林Original
2024-07-26 13:41:04904browse

According to news from this site on July 26, the technology media arstechnica published a blog post today (July 26) stating that more than 200 models of the five major equipment manufacturers Acer, Dell, Gigabyte, Intel and Supermicro have safe boot issues. (Secure Boot) problem.

It is reported that the encryption key that supports the secure boot of the above-mentioned devices has been leaked in 2022.

加密密钥曝光导致安全启动失效,影响戴尔、宏碁、联想等近 500 款型号设备

In December 2022, someone working for multiple US device manufacturers published the platform key, which forms a root-of-trust anchor between hardware devices and their firmware, in a GitHub public repository encryption key.

The repository is located at https://github.com/raywu-aaeon/Ryzen2000_4000.git. As of the publication of this website, the link has been deleted.

Binarly researchers discovered the key in January 2023 while investigating a supply chain incident, scanning firmware images for certificate serial numbers 55:fb:ef:87:81:23:00:84:47:17 :0b:b3:cd:87:3a:f4 Identification, a total of 215 devices using leaked keys were found.

Researchers quickly discovered that the leak of this key was just the beginning of a larger supply chain failure, with serious issues with Secure Boot integrity on nearly 300 additional device models from nearly every major device manufacturer. In addition to the five manufacturers mentioned earlier, they also include Aopen, Foremlife, Fujitsu, HP, Lenovo, etc.

These keys were created by AMI, one of the three major providers of software developer toolkits used by device manufacturers to customize UEFI firmware to run on specific hardware configurations.

加密密钥曝光导致安全启动失效,影响戴尔、宏碁、联想等近 500 款型号设备

加密密钥曝光导致安全启动失效,影响戴尔、宏碁、联想等近 500 款型号设备

加密密钥曝光导致安全启动失效,影响戴尔、宏碁、联想等近 500 款型号设备

The above is the detailed content of Exposure of encryption keys causes secure boot to fail, affecting nearly 500 models of devices from Dell, Acer, Lenovo, etc.. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn