VU#538470: Clevo UEFI firmware... Note

VU#538470: Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard

Clevo, a computer hardware manufacturer, unintentionally exposed private keys within its UEFI firmware update packages. These keys are crucial for Intel Boot Guard, a security feature protecting the early boot process. Boot Guard verifies the Initial Boot Block, ensuring only trusted firmware executes before UEFI initialization. The leaked keys could be exploited by attackers to sign malicious firmware, bypassing Boot Guard's protection. This allows the attacker to compromise UEFI systems, gaining persistent control. Clevo's firmware is used by other manufacturers, expanding the potential impact beyond Clevo-branded systems. An attacker with flash storage access could use the keys to install malicious firmware. This compromise could lead to stealthy control of the affected devices. Clevo removed the affected software, but public remediation steps remain undefined. Users should assess their exposure, monitor for modifications, and only apply verified firmware updates. The issue was reported by Binarly Research Team, with this document written by Vijay Sarvepalli.