Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://aus.social/users/projectgus/statuses/111536456191175353">Gus (projectgus@aus.social)'s status on Thursday, 07-Dec-2023 10:13:55 JST</a><a href="https://aus.social/@projectgus" title="projectgus@aus.social"><img src="https://gnusocial.jp/avatar/89084-48-20230117195618.webp" width="48" height="48" alt="Gus" style="position: absolute; left: 0; top: 0;">Gus</a></section><article><p>Looking at the LogoFAIL white paper and I'm not connecting the "just about every device vulnerable" part of the headlines.</p><p>IIUC, vulnerable UEFI firmware has to support loading a custom logo from the EFI system partition. I can't find much vendor support for this?</p><p>The only documented method I've found is from HP: <a href="https://support.hp.com/au-en/document/c01646879" rel="nofollow noreferrer">https://support.hp.com/au-en/document/c01646879</a></p><p>Do more vendors support this but don't document it?</p><p>Other "custom BIOS logo" tutorials I've found involve repacking a firmware image, in which case surely the logo is in the BGRT inside the firmware payload which is verified by Intel Boot Guard / Secure Boot before it's loaded. Isn't it?</p><p><a href="https://aus.social/tags/logofail" rel="tag">#logofail</a> <a href="https://aus.social/tags/infosec" rel="tag">#infosec</a> <a href="https://aus.social/tags/uefi" rel="tag">#uefi</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2422565#notice-4788875">In conversation</a><time datetime="2023-12-07T10:13:55+09:00" title="Thursday, 07-Dec-2023 10:13:55 JST">about a year ago</time> <span>from <span><a href="https://aus.social/@projectgus/111536456191175353" rel="external" title="Sent from aus.social via ActivityPub">aus.social</a></span></span><a href="https://aus.social/@projectgus/111536456191175353">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/1930876">Untitled attachment</a></label><br></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
Gus (projectgus@aus.social)'s status on Thursday, 07-Dec-2023 10:13:55 JST Gus
Looking at the LogoFAIL white paper and I'm not connecting the "just about every device vulnerable" part of the headlines.
IIUC, vulnerable UEFI firmware has to support loading a custom logo from the EFI system partition. I can't find much vendor support for this?
The only documented method I've found is from HP: https://support.hp.com/au-en/document/c01646879
Do more vendors support this but don't document it?
Other "custom BIOS logo" tutorials I've found involve repacking a firmware image, in which case surely the logo is in the BGRT inside the firmware payload which is verified by Intel Boot Guard / Secure Boot before it's loaded. Isn't it?
#logofail #infosec #uefi
In conversationabout a year ago from aus.socialpermalink
Attachments
1. Untitled attachment

Public

Embed Notice

HTML Code

Corresponding Notice