this post was submitted on 27 Nov 2024
206 points (96.8% liked)

Technology

59675 readers
3281 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
L3s@fry.gs
L4s@fry.gs
L4s@lemmy.world
enu@lemmy.world
206
Found in the wild: The world’s first unkillable UEFI bootkit for Linux (arstechnica.com)
submitted 1 day ago by purrtastic@lemmy.nz to c/technology@lemmy.world
29 comments fedilink hide all child comments
 

“Whether a proof of concept or not, Bootkitty marks an interesting move forward in the UEFI threat landscape, breaking the belief about modern UEFI bootkits being Windows-exclusive threats,” ESET researchers wrote. “Even though the current version from VirusTotal does not, at the moment, represent a real threat to the majority of Linux systems, it emphasizes the necessity of being prepared for potential future threats.”

you are viewing a single comment's thread
view the rest of the comments
[–] Illecors@lemmy.cafe 7 points 17 hours ago (1 children)

Yes, failing to safeguard keys is fatal, but that applies to everything. But if fs you're storing keys on is behind luks and they're readable by root only - you're as safe enough. There're also LSMs like selinux that can increase the complexity of attack.

I don't know about nitrokey specifically, but TPM is an option (not good enough, imo) and a simple luks encrypted usb. You could get some convenience by storing the key to unlock it somewhere on the encrypted root.

In general - you cannot stop a targeted attack no matter what, but staying safe from all the automated ones is doable.

[–] chevy9294@monero.town 1 points 13 hours ago

They are stored behind luks and I think they are readable only by root. But bootkit can probably only infect UEFI from Linux that is running on that machine. And to interact to UEFI you probably have to be root, right?

I'll look into more options, either store keys on a seperate luks usb key or on a hardware securety key like Nitrokey. For sbctl there is already a roadmap feature for hardware security keys, I hope this comes soon :)