The Binarly Research Team recently presented LogoFAIL, a new exploit defeating UEFI Secure Boot.
In short, an attacker with access to the hard disk of a UEFI system could gain firmware-level control over the computer, even on a device using UEFI Secure Boot. LogoFAIL appears to affect most UEFI implementations.
This is just the latest exploit of this nature. We’ve written about these before, and Binarly’s article lists several more.
UEFI Secure Boot delegates the security of your system to a signing authority, Microsoft. Any bootloader signed by Microsoft is valid; any not signed by Microsoft is not. While a revocation list exists to ban buggy or malicious bootloaders that the authority signed, it is ineffective. Devices rarely receive revocation list updates, and when they do, the updates must lag behind known exploits to avoid breaking systems that haven’t been updated yet.
In the meantime, a UEFI Secure Boot system is vulnerable if any bad signed binaries exist, even if they’re not intended for that system. An attacker could place a broken Windows bootloader on a Linux system.
Compounding the problem, the UEFI firmware enforcing this policy isn’t authenticated to you. There’s a good chance that an attacker with privileged disk access can also update your firmware, and they could likely roll it back to a vulnerable version without anyone noticing.
Finally, if you want the security offered by UEFI Secure Boot, you must use an OS approved by the signing authority. Alternatively, your firmware might (or might not) allow you to set a custom signing key and operate your own signing authority.
PureBoot’s security model puts you in charge. PureBoot signs the boot files with rollback protection and tells you if the contents ever change – even if you signed them before. Boot files that never appeared on your system before are not automatically accepted.
Signing new boot files requires your Librem Key and PIN, so you’ll know if new files are signed. Even if a boot file exploit appeared in PureBoot, you’d know there was tampering before losing control.
Since PureBoot validates the boot files, you need to know that PureBoot is trustworthy. That’s where the Librem Key comes in. Librem Key tells you that your firmware is the same by blinking green. If your firmware changes for any reason – even if it is firmware you had before – it blinks red.
As the owner, you are always in control. You can change your own firmware all you like. The Librem Key can’t prevent you from booting; it only tells you that the firmware has changed. You can always sign new boot files, or boot unsigned files, if you want.
PureBoot’s model protects you immediately, even if exploits in your OS or PureBoot were found. Once you sign new boot files, the old files won’t be accepted, thanks to rollback protection. Once you update firmware, the Librem Key will tell you if it’s rolled back, like any other change.
You don’t have to wait for a third party to revoke a broken bootloader, and then for another third party to update your firmware, if they ever do. You’re protected immediately.
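The boot-file checks described above (change detection, refusing files that were never signed, and rollback protection) can be modelled in a few lines. This is an added illustration, not PureBoot's code: the function names and sample data are constructed, an HMAC stands in for the signature made with the Librem Key, and a plain integer stands in for a tamper-resistant counter.

```python
import hashlib
import hmac
import json

def _blob(body):
    return json.dumps(body, sort_keys=True).encode()

def sign_manifest(files, counter, key):
    """Owner step: hash every boot file and sign the set together with a counter."""
    body = {"counter": counter,
            "hashes": {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}}
    # Assumption: HMAC is a stand-in for the owner's hardware-token signature.
    return {"body": body, "sig": hmac.new(key, _blob(body), hashlib.sha256).hexdigest()}

def verify_boot(files, manifest, trusted_counter, key):
    """Return a list of findings; an empty list means nothing changed."""
    expected = hmac.new(key, _blob(manifest["body"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, manifest["sig"]):
        return ["manifest signature invalid"]
    findings = []
    counter = manifest["body"]["counter"]
    if counter != trusted_counter:
        # A manifest the owner really signed, but not the latest one.
        findings.append("rollback: manifest counter %d, expected %d"
                        % (counter, trusted_counter))
    signed = manifest["body"]["hashes"]
    for name in sorted(files):
        if name not in signed:
            findings.append("new file never signed: " + name)
        elif hashlib.sha256(files[name]).hexdigest() != signed[name]:
            findings.append("changed: " + name)
    findings += ["missing: " + n for n in sorted(signed) if n not in files]
    return findings

# Constructed sample data: two generations of boot files signed by the owner.
KEY = b"constructed-owner-key"
OLD = {"vmlinuz": b"kernel 1 (later found exploitable)", "initrd.img": b"initrd 1"}
NEW = {"vmlinuz": b"kernel 2 (fixed)", "initrd.img": b"initrd 2"}
old_manifest = sign_manifest(OLD, 1, KEY)
new_manifest = sign_manifest(NEW, 2, KEY)
TRUSTED_COUNTER = 2  # advanced when the owner signed NEW

if __name__ == "__main__":
    print(verify_boot(NEW, new_manifest, TRUSTED_COUNTER, KEY))
    # Old files with their old, validly signed manifest are still flagged.
    print(verify_boot(OLD, old_manifest, TRUSTED_COUNTER, KEY))
    # A file that never appeared before is flagged rather than accepted.
    print(verify_boot(dict(NEW, **{"bootx64.efi": b"dropped"}), new_manifest,
                      TRUSTED_COUNTER, KEY))
```

The second case is the one a signing-authority allow-list cannot catch without a revocation update: the old files and their signature are both genuine, and only the counter shows they are stale.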