BlackLotus UEFI bootkit defeats Secure Boot
–Windows 11 Security at risk? BlackLotus UEFI bootkit defeats Secure Boot - gHacks Tech News
–https://www.ghacks.net/2023/03/02/windows-11-security-at-risk-blacklotus-uefi-bootkit-defeats-secure-boot/
Akin to other strange things in previous years with nothing to know or do about it huh!
Intel inside only knows…
Other than steer clear of UEFI bootkits if one is running W11, which I am on one PC.
So, booting into Linux (dual boot with Win) avoids the nasties?
In a way, whether UEFI or not, if the disk is compromised by default, what can be done?
Get rid of Windows ASAP.
Really?!
Even if disk compromise from getgo?
My recommendation is, if you REALLY MUST, dual boot ANY version of Windows with Linux (any version), use separate hard drives. One for each OS.
Given the current level of interfaces available today, either drive can be USB external.
I’ve found it is better to disable the UEFI secure boot. You could disable it when using Linux and enable it when using Windows.
@7blade
The only problem with that is W11 will not boot without secure boot enabled. What do you think the BlackLotus bootkit is doing? Bypassing all UAC and secure boot by some frilly weakness, until Microsoft can patch the weakness, and the weakness is nothing new; it just took someone, with nothing else to do, to exploit the weakness. Linux would not have a flying chance in hell running on the hardware in my new W11 PC.
Have a DELL desktop…
Maybe time to install a separate SSD.
Then again… what other malware will come around to haunt me there?!
With Windows 11 on a DELL Optiplex 7060.
Would you care to share your specs?
Just noticed “secure boot state off” - never touched it!
| Item | Value |
|---|---|
| OS Name | Microsoft Windows 11 Pro |
| Version | 10.0.22621 Build 22621 |
| Other OS Description | Not Available |
| OS Manufacturer | Microsoft Corporation |
| System Manufacturer | Dell Inc. |
| System Model | OptiPlex 7060 |
| System Type | x64-based PC |
| System SKU | 085A |
| Processor | Intel(R) Core™ i5-8500 CPU @ 3.00GHz, 3000 MHz, 6 Core(s), 6 Logical Processor(s) |
| BIOS Version/Date | Dell Inc. 1.24.0, 12/9/2022 |
| SMBIOS Version | 3.1 |
| Embedded Controller Version | 255.255 |
| BIOS Mode | UEFI |
| BaseBoard Manufacturer | Dell Inc. |
| BaseBoard Product | 0NC2VH |
| BaseBoard Version | A01 |
| Platform Role | Desktop |
| Secure Boot State | Off |
| PCR7 Configuration | Elevation Required to View |
| Windows Directory | C:\Windows |
| System Directory | C:\Windows\system32 |
| Boot Device | \Device\HarddiskVolume1 |
| Locale | United States |
| Hardware Abstraction Layer | Version = 10.0.22621.819 |
| Time Zone | Central Standard Time |
| Installed Physical Memory (RAM) | 8.00 GB |
| Total Physical Memory | 7.80 GB |
| Available Physical Memory | 3.53 GB |
| Total Virtual Memory | 9.68 GB |
| Available Virtual Memory | 5.55 GB |
| Page File Space | 1.88 GB |
| Page File | C:\pagefile.sys |
| Kernel DMA Protection | Off |
| Virtualization-based security | Running |
| Virtualization-based security Required Security Properties | |
| Virtualization-based security Available Security Properties | Base Virtualization Support, DMA Protection, UEFI Code Readonly, Mode Based Execution Control |
| Virtualization-based security Services Configured | Hypervisor enforced Code Integrity |
| Virtualization-based security Services Running | Credential Guard, Hypervisor enforced Code Integrity |
| Windows Defender Application Control policy | Enforced |
| Windows Defender Application Control user mode policy | Audit |
| Device Encryption Support | Elevation Required to View |

A hypervisor has been detected. Features required for Hyper-V will not be displayed.
OK, secure boot does not have to be enabled, but UEFI/secure boot has to be available. Also, Device Manager should show the TPM under Security devices.
Are you wanting to dual boot this machine with Linux on a separate drive? If so, I can’t see how using a separate drive will change anything as to what W11 is requiring to boot.
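The replies above read the Secure Boot state, TPM presence and VBS status off msinfo32 and Device Manager by hand. The script below is an added example, not something posted in this thread, that pulls the same facts directly from Windows so they can be checked (and re-checked after a firmware change) in one go. It assumes an elevated PowerShell prompt on a Windows 10/11 machine; the cmdlets and the `Win32_DeviceGuard` class it uses ship with Windows, and the `Get-BootSecurityReport` function name is this example's own.

```powershell
# Added example (not from the thread): report the boot-security facts the
# discussion turns on, straight from Windows rather than from msinfo32.
# Assumes an elevated prompt; the SecureBoot and TrustedPlatformModule modules
# are built into Windows, so nothing extra has to be installed.

function Get-BootSecurityReport {
    $report = [ordered]@{}

    # Confirm-SecureBootUEFI throws on legacy-BIOS systems, so the catch separates
    # "UEFI present, Secure Boot off" (what the OptiPlex above shows) from "no UEFI".
    try {
        $report['SecureBootEnabled'] = [bool](Confirm-SecureBootUEFI)
        $report['UefiAvailable']     = $true
    } catch {
        $report['SecureBootEnabled'] = $false
        $report['UefiAvailable']     = $false
    }

    # DBX is the UEFI forbidden-signature list; a populated DBX is what revokes
    # known-bad boot loaders. Only its size is reported here; parsing the
    # EFI_SIGNATURE_LIST structure is deliberately out of scope.
    if ($report['UefiAvailable']) {
        try {
            $dbx = Get-SecureBootUEFI -Name dbx
            $report['DbxSizeBytes'] = $dbx.Bytes.Length
        } catch {
            $report['DbxSizeBytes'] = 0
        }
    }

    # TPM presence and readiness, the other thing the thread says W11 expects.
    try {
        $tpm = Get-Tpm
        $report['TpmPresent'] = [bool]$tpm.TpmPresent
        $report['TpmReady']   = [bool]$tpm.TpmReady
    } catch {
        $report['TpmPresent'] = $false
        $report['TpmReady']   = $false
    }

    # Same VBS/HVCI facts msinfo32 shows, via the Device Guard WMI class.
    # VirtualizationBasedSecurityStatus: 2 = enabled and running.
    # SecurityServicesRunning: 1 = Credential Guard, 2 = HVCI.
    $dg = Get-CimInstance -ClassName Win32_DeviceGuard `
            -Namespace root\Microsoft\Windows\DeviceGuard -ErrorAction SilentlyContinue
    if ($dg) {
        $report['VbsRunning']         = ($dg.VirtualizationBasedSecurityStatus -eq 2)
        $report['HvciRunning']        = (2 -in $dg.SecurityServicesRunning)
        $report['CredGuardRunning']   = (1 -in $dg.SecurityServicesRunning)
    }

    [pscustomobject]$report
}

$r = Get-BootSecurityReport
$r | Format-List

# The state the OptiPlex post shows: UEFI present but Secure Boot off. With Secure
# Boot off, nothing verifies the signature of whatever sits on the EFI System
# Partition before it runs, which is exactly the layer a bootkit lives at.
if ($r.UefiAvailable -and -not $r.SecureBootEnabled) {
    Write-Warning "UEFI firmware found but Secure Boot is OFF: re-enable it in firmware setup, then re-run this script."
}
if (-not $r.TpmPresent) {
    Write-Warning "No TPM reported: Windows 11 expects one, and measured boot (PCR7) cannot be used without it."
}
```

Run it once before and once after changing the firmware setting; `SecureBootEnabled` should flip to `True` and `DbxSizeBytes` should be non-zero on any machine that has taken Microsoft's revocation updates.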
I plan on running Linux on my W11 machine, but it will only be in a VM.
TPM is there just like yours.
Have never run a Linux distro in VM before.
They’re usually slow in there right?
My best advice: do not compromise W11 in trying to hack Linux onto your machine; this is probably what happened to the laptop. I am curious as to how the BlackLotus bootkit is involved, because I have one laptop running W10 and Debian 11 on the same drive.
A VM should run OK with 8GB of RAM; allocate maybe 2GB to 4GB to the VM, depending on the distro. It would be worth the trouble to update the RAM to 16GB.
I have a Dell laptop running W10 and a Gentoo VM with only 2GB allocated to the VM; it runs OK, but not as fast as a cheetah.