by tripflag
694 days ago
The case you're outlining (a UEFI rootkit) is pretty much the worst case; assuming you get infected by some malware which decides to install a malicious firmware (BIOS update), then pretty much nothing is getting in the way of that. What secureboot is designed to prevent is malicious changes to the OS bootloader (a conventional rootkit), which is usually shimx64.efi or grubx64.efi on Linux/dualboot machines, or bootmgfw.efi on Windows. Secureboot checks the signature of .efi files before they're allowed to run during boot, ensuring they were signed by one of the trusted keys. And unless you've made changes to your secureboot config, that means Microsoft and/or the hardware vendor.