Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack - eviltoast
  • Melllvar@startrek.website
    link
    fedilink
    English
    arrow-up
    31
    ·
    11 months ago

    As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment.

    So, does disabling the boot logo prevent the attack, or would it only make the attack obvious?

    • lazylion_ca@lemmy.ca
      link
      fedilink
      arrow-up
      17
      arrow-down
      2
      ·
      11 months ago

      If you have access to replace the logo file, you probably have access to enable it as well.

      • fl42v@lemmy.ml
        link
        fedilink
        arrow-up
        6
        ·
        11 months ago

        Not necessarily, I guess. They’re talking about a firmware upgrade of sorts, and, at least on the machines I own(ed), performing it didn’t reset user settings (which disabling the logo is)

      • Melllvar@startrek.website
        link
        fedilink
        English
        arrow-up
        14
        ·
        11 months ago

        Usually you can, though the setting might be listed under something like “show diagnostic during boot”.