ISN 2023-06: UEFI Secure Boot Malware and IGEL OS

Updated 15 May 2023 (Windows Update does not block IGEL OS boot)

First published 12 May 2023

CVSS:3.1 6.7 / 6.2 (Medium)

CVSS:3.1 vector n/a

Summary

A fix for a UEFI Secure Boot issue may affect booting IGEL OS on some devices.

This affects the following IGEL products:

IGEL OS 11
IGEL OS 12
IGEL UD Pocket

Details

In order to block UEFI Secure Boot malware such as the Black Lotus bootkit (CVE-2023-24932), Microsoft has published a security update that revokes a number of bootloaders from UEFI Secure Boot (KB5025885). Also, the UEFI Forum has updated their revocation list.

IGEL has determined that the UEFI Forum revocation list of 9 May 2023 does not block the IGEL Shim bootloader. Customers that apply this revocation list will not have issues with booting IGEL OS.
Applying Microsoft KB5025885 and its revocation command does not block the IGEL Shim bootloader either, testing at IGEL has shown.

References

Microsoft, “Secure Boot Security Feature Bypass Vulnerability - CVE-2023-24932”: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932
Microsoft KB5025885: https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d#timing5025885
UEFI revocation list file (x64): https://uefi.org/revocationlistfile

Download PDF

ISN 2023-06: UEFI Secure Boot Malware and IGEL OS

Summary

Details

References

Cookie Notice