PKfail vulnerability allows attackers to bypass secure boot

A critical security flaw dubbed “PKfail” has exposed vulnerabilities in the secure boot process of hundreds of device models, revealing a major weakness in the firmware supply chain. The flaw stems from the misuse of test platform keys (PKs) in production devices, potentially allowing attackers to bypass secure boot protections.

Secure Boot, a cornerstone of platform security, relies on cryptographic keys to verify the integrity of boot processes. However, researchers have revealed that many manufacturers are using untrusted keys provided by independent BIOS vendors (IBVs) instead of generating their own secure keys.

Scope and impact of PKfail

The Binarly research team’s analysis of firmware images from major device vendors revealed some alarming statistics. They found that over 10% of the firmware images in their dataset use untrusted platform keys and that nearly 900 device models are affected by this vulnerability, which has existed in devices for 12 years, from May 2012 to June 2024.

The consequences of this vulnerability can be severe, as attackers who gain access to compromised private keys could potentially bypass Secure Boot, allowing them to execute malicious code during the boot process. This vulnerability affects both x86 and ARM devices, making it a cross-silicon issue.

In 2023, the research team discovered a significant supply chain security incident when leaked Intel Boot Guard private keys distributed by Intel in their reference code were used in production. The team also discovered that the American Megatrends International (AMI) private key linked to the Secure Boot “master key,” called the Platform Key (PK), was publicly exposed in a data breach.

Devices matching this key are still deployed in the field and the key is also used in recently released enterprise devices. This vulnerability allows attackers to bypass Secure Boot and execute malicious code during the boot process, compromising the entire security chain from firmware to the operating system.

Mitigating threats and managing the supply chain

The PKfail issue highlights multiple problems in device supply chain security, including poor management of cryptographic materials, use of non-production cryptographic keys, and lack of rotation of platform security cryptographic keys by product line.

To mitigate these risks, device vendors should implement stronger cryptographic practices, including secure key generation and management. Users should remain vigilant about firmware updates and promptly apply security patches. Researchers have provided a free website API to check if devices are affected by PKfail.
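For a local check on a Linux machine, the following added example (not code from the researchers or any vendor) parses the UEFI `PK` variable as exposed by efivarfs and looks for test-key markers in the enrolled certificate. The marker strings "DO NOT TRUST" and "DO NOT SHIP" are taken from the public PKfail disclosure rather than from this article, and `make_siglist` builds constructed sample data only.

```python
import struct
import uuid

# EFI_CERT_X509_GUID: signature lists of this type carry DER certificates.
X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Subject/issuer markers reported for test keys in the public PKfail
# disclosure (assumption: these strings are not stated in the article).
MARKERS = ("DO NOT TRUST", "DO NOT SHIP")
PK_PATH = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"

def iter_x509(siglists: bytes):
    """Yield DER certificates from concatenated EFI_SIGNATURE_LIST structures."""
    off = 0
    while off + 28 <= len(siglists):
        guid = uuid.UUID(bytes_le=siglists[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", siglists, off + 16)
        if list_size < 28 or off + list_size > len(siglists) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            if guid == X509_GUID:
                yield siglists[pos + 16:pos + sig_size]  # skip SignatureOwner GUID
            pos += sig_size
        off = end

def find_test_key_markers(siglists: bytes):
    """Return the sorted markers found in any certificate of the variable."""
    found = set()
    for der in iter_x509(siglists):
        for m in MARKERS:
            # Names are usually PrintableString/UTF8String; also try BMPString.
            if m.encode() in der or m.encode("utf-16-be") in der:
                found.add(m)
    return sorted(found)

def make_siglist(cert: bytes) -> bytes:
    """Build a one-entry X.509 signature list (constructed sample data)."""
    sig_size = 16 + len(cert)
    return (X509_GUID.bytes_le + struct.pack("<III", 28 + sig_size, 0, sig_size)
            + bytes(16) + cert)

if __name__ == "__main__":
    try:
        with open(PK_PATH, "rb") as f:
            data = f.read()[4:]  # efivarfs prepends 4 bytes of attributes
    except OSError:
        # Constructed stand-in, not a real certificate.
        data = make_siglist(b"\x30\x20CN=DO NOT TRUST - constructed sample")
    print("test-key markers:", find_test_key_markers(data) or "none")
```

An empty result only means no marker string was found in the enrolled PK; it does not prove that the key is unique to the vendor or that its private half was never exposed.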