Due to its complexity and closed source approach, many different UEFI
implementations have
suffered many different vulnerabilities. Many (all?) include a full
network stack.
I have closed UEFI shell UEFI. As you all, probably, if you use UEFI as BSP. You could NOT enter UEFI shell, since every vendor disables this. I can break into the UEFI shell in no time. Then, you can imagine what I can do? As example, write .efi rootkit file, to exploit UEFI. Etc...
NOT to mention that UEFI on my notebook is protected with the admin password, but this does NOT prevent me to break into the UEFI shell (I do NOT care about password protection, as it does NOT exist at all).
Zoran
On Fri, Dec 8, 2017 at 4:26 PM, awokd awokd@elude.in wrote:
On Fri, December 8, 2017 4:44 am, Zoran Stojsavljevic wrote:
Let me try again to state what I stated before, with some new insides, because Tim brought the new equation: HAP into this discussion.
In addition to all the issues with ME listed so far, systems from Dell etc. ship with UEFI BIOS. Due to its complexity and closed source approach, many different UEFI implementations have suffered many different vulnerabilities. Many (all?) include a full network stack. Coreboot is open source and simply a bootstrap, closing out large swaths of attack surfaces.