Does BlackLotus UEFI bootkit impact Linux in dual boot with Windows?

BlackLotus UEFI bootkit defeats Secure Boot
Windows 11 Security at risk? BlackLotus UEFI bootkit defeats Secure Boot - gHacks Tech News
https://www.ghacks.net/2023/03/02/windows-11-security-at-risk-blacklotus-uefi-bootkit-defeats-secure-boot/

@danielson
From what I read, I would say “yes”.

Akin to other strange things in previous years with nothing to know or do about it huh!

Intel inside only knows…

Other than steer clear of UEFI bootkits if one is running W11, which I am on one PC.

So, booting into Linux (dual boot with Win) avoids the nasties?

@danielson
I do not dual boot W11 and probably never will, but I do dual boot W10, but not in UEFI.

In a way, whether UEFI or not, if the disk is compromised by default, what can be done?

Get rid of Windows ASAP. :rofl:

Really?!

Even if disk compromise from get-go?

@danielson
Reformat and start over, or trash the disk and start over, about all I would know!!!

My recommendation is, if you REALLY MUST dual boot ANY version of Windows with Linux (any version), use separate hard drives. One for each OS.
Given the current level of interfaces available today, either drive can be USB external.
I’ve found it is better to disable the UEFI secure boot. You could disable when using Linux and enable when using Windows.

@7blade
The only problem with that is W11 will not boot without secure boot enabled. What do you think the BlackLotus Bootkit is doing, bypassing all UAC and secure boot by some frilly weakness, until Microsoft can patch the weakness, and the weakness is nothing new, just took someone with nothing else to do to exploit the weakness. Linux would not have a flying chance in hell running on the hardware in my new W11 PC.

Have a DELL desktop…
Maybe time to install a separate SSD.

Then again… what other malware will come around to haunt me there?! :scream::unamused:

@danielson
What are you trying to dual boot with?

With Windows 11 on a DELL Optiplex 7060.

Would you care to share your specs?

Just noticed “secure boot state off” - never touched it!

OS Name Microsoft Windows 11 Pro
Version 10.0.22621 Build 22621
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Manufacturer Dell Inc.
System Model OptiPlex 7060
System Type x64-based PC
System SKU 085A
Processor Intel(R) Core™ i5-8500 CPU @ 3.00GHz, 3000 Mhz, 6 Core(s), 6 Logical Processor(s)
BIOS Version/Date Dell Inc. 1.24.0, 12/9/2022
SMBIOS Version 3.1
Embedded Controller Version 255.255
BIOS Mode UEFI
BaseBoard Manufacturer Dell Inc.
BaseBoard Product 0NC2VH
BaseBoard Version A01
Platform Role Desktop
Secure Boot State Off
PCR7 Configuration Elevation Required to View
Windows Directory C:\Windows
System Directory C:\Windows\system32
Boot Device \Device\HarddiskVolume1
Locale United States
Hardware Abstraction Layer Version = 10.0.22621.819
Time Zone Central Standard Time
Installed Physical Memory (RAM) 8.00 GB
Total Physical Memory 7.80 GB
Available Physical Memory 3.53 GB
Total Virtual Memory 9.68 GB
Available Virtual Memory 5.55 GB
Page File Space 1.88 GB
Page File C:\pagefile.sys
Kernel DMA Protection Off
Virtualization-based security Running
Virtualization-based security Required Security Properties
Virtualization-based security Available Security Properties Base Virtualization Support, DMA Protection, UEFI Code Readonly, Mode Based Execution Control
Virtualization-based security Services Configured Hypervisor enforced Code Integrity
Virtualization-based security Services Running Credential Guard, Hypervisor enforced Code Integrity
Windows Defender Application Control policy Enforced
Windows Defender Application Control user mode policy Audit
Device Encryption Support Elevation Required to View
A hypervisor has been detected. Features required for Hyper-V will not be displayed.

OK, secure boot does not have to be enabled but UEFI/secure boot has to be available.
Also, Device Manager should show TPM under the Security device.
Are you wanting to dual boot this machine with Linux on a separate drive? If so, I can’t see using a separate drive will change anything, as to what W11 is requiring to boot.
I plan on running Linux on my W11 machine, but it will only be in a VM.

TPM is there just like yours.

Have never run a Linux distro in VM before.
They’re usually slow in there right?

My best advice: do not compromise W11 in trying to hack Linux on your machine, this is probably what happened to the laptop. I am curious as to how BlackLotus BootKit is involved, because I have one laptop running W10 and Debian 11 on the same drive.
VM should run OK with 8GB of RAM, allocate maybe 2GB to 4GB to the VM, depending on the distro; would be worth the trouble to update RAM to 16GB.
I have a Dell laptop running W10 and a Gentoo VM with only 2GB allocated to the VM, runs OK, but not as fast as a Cheetah.