"Secure Boot is a feature of the UEFI specification that only allows software components with trusted digital signatures to be loaded during the boot sequence. It was designed specifically to prevent malware like bootkits from compromising the boot process. According to the researchers, the exploits demonstrated at Black Hat are possible not because of vulnerabilities in Secure Boot itself, but because of UEFI implementation errors made by platform vendors. The first exploit works because certain vendors do not properly protect their firmware, allowing an attacker to modify the code responsible for enforcing Secure Boot, said Bulygin who works at McAfee. The exploit is designed to modify the platform key -- the root key at the core of all Secure Boot signature checks -- but in order to work it needs to be executed in kernel mode, the most privileged part of the operating system."
wow they hack the lock off the book :)
So, Bulygin works at McAfee, who most likely have special access to a lot of the underlying OS stuff from both MS and PC vendors. How on earth is it ethical for him to release this info given this background?
Not that I care about the UEFI being circumvented at all, I just hate hypocrisy especially when it comes from a so-called 'security vendor' relating to a security mechanism that they now tell people how to overcome (or at the least, THAT it can be overcome).
Physical access to device.. check.. secured using a standard that has been exploited before.. check.. This is no different than rooting and unlocking the bootloader on an android device or jailbreaking an iPhone.. nothing 'new' to see here.
hahaha very funny