wikiSafety instructions for AMI-SA-2023009 LogoFail
With the help of prepared bootlogos, safety mechanisms such as Secure Boot can be bypassed due to a UEFI vulnerability ("LogoFail"). Staff of the IT security company Binarly presented details about this vulnerability at the Black Hat Europe Conference on December 6, 2023.[1][2][3]
Background information
Potential attackers may execute malicious codes and bypass security mechanisms such as Secure Boot by manipulating bootlogos.
There are two different ways to use bootlogos:
- Normally, bootlogos are stored in the BIOS image. Normal users can not change them. Administrator rights are required for the installation of a new BIOS image with a modified logo.
- Alternatively, on some systems, bootlogs can be stored in the EFI system partitions (for example as "\EFI\OEM\Logo.jpg"). Operating systems only allow administrator writing access in case of emergency.
Updates for products of Thomas-Krenn
You will find updates for the corresponding system in the download area of Thomas-Krenn as soon as available.
More information
- AMI-SA-2023009 (via www.ami.com/security-center, 06.12.2023)
- UEFI-vulnerability LogoFAIL: Secure Boot can be bypassed with manipulated boot logos (heise.de, 03.12.2023)
- Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack - UEFIs booting Windows and Linux devices can be hacked by malicious logo images (arstechnica.com, 06.12.2023)
- LogoFAIL vulnerability, December 2023 (via www.supermicro.com/security-center, 18.12.2023)
References
- ↑ The Far-Reaching Consequences of LogoFAIL (binarly.io, 29.11.2023)
- ↑ Finding LogoFAIL: The Dangers of Image Parsing During System Boot (binarly.io, 06.12.2023)
- ↑ LogoFAIL - Security implications of image parsing during system boot (PDF, blackhat.com/EU-23, 06.12.2023)
 |
Author: Werner Fischer Werner Fischer, working in the Knowledge Transfer team at Thomas-Krenn, completed his studies of Computer and Media Security at FH Hagenberg in Austria. He is a regular speaker at many conferences like LinuxTag, OSMC, OSDC, LinuxCon, and author for various IT magazines. In his spare time he enjoys playing the piano and training for a good result at the annual Linz marathon relay.
|
 |
Translator: Alina Ranzinger Alina has been working at Thomas-Krenn.AG since 2024. After her training as multilingual business assistant, she got her job as assistant of the Product Management and is responsible for the translation of texts and for the organisation of the department.
|
