Secure Boot bypass risk threatens nearly 200,000 Linux Framework laptops www.bleepingcomputer.com/news/secu…

Around 200,000 Linux computer systems from American computer maker Framework were shipped with signed UEFI shell components that could be exploited to bypass Secure Boot protections.

An attacker could take advantage to load bootkits (e.g. BlackLotus, HybridPetya, and Bootkitty) that can evade OS-level security controls and persist across OS re-installs.

According to firmware security company Eclypsium, the problem stems from including a ‘memory modify’ (mm) command in legitimately signed UEFI shells that Framework shipped with its systems.

The command provides direct read/write access to system memory and is intended for low-level diagnostics and firmware debugging. However, it can also be leveraged to break the Secure Boot trust chain by targeting the gSecurity2 variable, a critical component in the process of verifying the signatures of UEFI modules.

Impacted users are recommended to apply the available security updates. Where a patch isn’t available yet, secondary protection measures like physical access prevention is crucial. Another temporary mitigation is to delete Framework’s DB key via the BIOS.