Found on VirusTotal: The world’s first UEFI bootkit for Linux
arstechnica.com
“Bootkitty” is likely a proof-of-concept, but may portend working UEFI malware for Linux.

“Whether a proof of concept or not, Bootkitty marks an interesting move forward in the UEFI threat landscape, breaking the belief about modern UEFI bootkits being Windows-exclusive threats,” ESET researchers wrote. “Even though the current version from VirusTotal does not, at the moment, represent a real threat to the majority of Linux systems, it emphasizes the necessity of being prepared for potential future threats.”

  • Illecors@lemmy.cafeEnglish
    2·
    7 days ago

    The Bootkitty sample ESET found is unable to override a defense, known as UEFI Secure Boot, that uses cryptographic signatures to ensure that each piece of software loaded during startup is trusted by a computer’s manufacturer.

    AKA not that big of a deal, yet. An article from another post about this also mentions GRUB explicitly as a requirement as well as PoC using self signed keys, which renders it sort of impossible to abuse.

    UKI + your own keys + secure boot is still not broken.

    • CriticalMiss@lemmy.worldEnglish
      0·
      6 days ago

      How many distros support secure boot out of the box? IIRC it’s only Ubuntu and RHEL. The rest require hacking some shit together with self signed keys.

      • Illecors@lemmy.cafeEnglish
        1·
        6 days ago

        Don’t know, been rolling with Gentoo for some time now.

        I wouldn’t trust “out of the box” support anyway as that would imply trusting microsoft keys.

        • raldone01@lemmy.worldEnglish
          1·
          6 days ago

          It is so annoying that one can’t ditch m$ keys and still boot windows. Sure you can sign the windows bootloader with your own keys. However it checks its own signature and just refuses to boot.

          If anyone has a solution let me know.

    • fuckwit_mcbumcrumble@lemmy.dbzer0.comEnglish
      1·
      7 days ago

      Unfortunately a lot of people in the Linux world still hate secure boot because they associate it with locking your PC to only running windows. Never mind the fact that basically every big Linux distro plays nicely with secure boot these days, and has for a while now.

      • Shdwdrgn@mander.xyzEnglish
        1·
        7 days ago

        I associate it with the fight I’ve had every single time I tried to use it. It’s never been a smooth process on any server I attempted to use it on. Usually I either run into problems with a system not wanting to properly boot the memory stick even with a full UEFI image flashed to it, or if I do get that to work I go through the whole installation process only to find the system unbootable for whatever reason. Eventually I just give up and do a standard installation because why should I have to work this hard to put an OS on a machine?