ISN 2023-06: UEFI Secure Boot Malware and IGEL OS

Updated 15 May 2023 (Windows Update does not block IGEL OS boot)

First published 12 May 2023

CVSS:3.1 6.7 / 6.2 (Medium)

CVSS:3.1 vector n/a

Summary

A fix for a UEFI Secure Boot issue may affect booting IGEL OS on some devices.

This affects the following IGEL products:

• IGEL OS 11

• IGEL OS 12

• IGEL UD Pocket

Details

In order to block UEFI Secure Boot malware such as the Black Lotus bootkit (CVE-2023-24932), Microsoft has published a security update that revokes a number of bootloaders from UEFI Secure Boot (KB5025885). Also, the UEFI Forum has updated their revocation list.

• IGEL has determined that the UEFI Forum revocation list of 9 May 2023 does not block the IGEL Shim bootloader. Customers that apply this revocation list will not have issues with booting IGEL OS.

• Applying Microsoft KB5025885 and its revocation command does not block the IGEL Shim bootloader either, testing at IGEL has shown.

References

• Microsoft, “Secure Boot Security Feature Bypass Vulnerability - CVE-2023-24932”: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932

• Microsoft KB5025885: https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d#timing5025885

• UEFI revocation list file (x64): https://uefi.org/revocationlistfile