
Code found online exploits LogoFAIL to install Bootkitty Linux backdoor

Normally, Secure Boot prevents the UEFI from executing any subsequent files unless they bear a digital signature confirming that the device manufacturer trusts them. The exploit bypasses this protection by injecting shellcode stored in a malicious bitmap image that the UEFI displays during the boot process. The injected code installs a cryptographic key that has been used to sign a malicious GRUB file and a backdoored Linux kernel image, both of which are executed during later stages of the boot process on Linux machines.

Because this key is installed silently, the UEFI treats the malicious GRUB and kernel image as trusted components, and Secure Boot protections are bypassed. The end result is that a backdoor ends up in the Linux kernel before any other security mechanisms are loaded.

[Diagram: execution flow of the LogoFAIL exploit Binarly found in the wild. Credit: Binarly]

In an online interview, HD Moore, CTO and co-founder of runZero and an expert in firmware-based malware, explained the Binarly report as follows:

The Binarly article refers to someone using the LogoFAIL bug to configure a UEFI payload that bypasses secure boot (firmware) by tricking the firmware into accepting their self-signed key (which is then stored in the firmware as the MOK variable). The malicious code is still limited to the user side of UEFI, but the LogoFAIL exploit does let them add their own signing key to the firmware's allow list (but does not infect the firmware in any other way).

It's still essentially a GRUB-based kernel backdoor versus a firmware backdoor, but it does exploit a firmware bug (LogoFAIL) to allow installation without user interaction (enroll, reboot, and then install the new MOK accept signing key).

In a normal secure boot configuration, the administrator generates a local key, uses it to sign their updated kernel/GRUB packages, tells the firmware to register the key they created, and after rebooting, the administrator has to enter this new key via the accept console (or remotely via bmc/ipmi/ilo/drac/etc bios console).

In this scheme, the attacker can replace the known good GRUB + kernel with a backdoored version by writing in his own signing key without user interaction via the LogoFAIL exploit, but it is still essentially a GRUB-based bootkit and is not hardcoded into the BIOS firmware or something else.
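Moore's point that the exploit's only persistent change is an extra key in the MOK list suggests the check a defender wants: enumerate what the list actually holds and compare it with the keys the administrator enrolled. The script below is an added example, not code from the article, Binarly or runZero; it parses shim's runtime copy of the list (MokListRT, in the EFI_SIGNATURE_LIST layout the UEFI spec defines) and runs on a constructed sample in place of the real variable.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs from the UEFI spec; the MOK vendor GUID and variable name come from shim.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
MOKLIST_RT_PATH = "/sys/firmware/efi/efivars/MokListRT-605dab50-e046-4300-abb6-3dd810dd8b23"

def build_signature_list(sig_type, owner, blob):
    """Encode one EFI_SIGNATURE_LIST that holds a single EFI_SIGNATURE_DATA entry."""
    sig_size = 16 + len(blob)  # SignatureOwner GUID + SignatureData
    header = struct.pack("<III", 28 + sig_size, 0, sig_size)  # ListSize, HeaderSize, SigSize
    return sig_type.bytes_le + header + owner.bytes_le + blob

def parse_signature_lists(data):
    """Walk consecutive EFI_SIGNATURE_LIST structures, yielding (type, owner, signature_data)."""
    off = 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=bytes(data[off:off + 16]))
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 or sig_size < 16 or off + list_size > len(data):
            raise ValueError("malformed or truncated EFI_SIGNATURE_LIST at offset %d" % off)
        pos = off + 28 + hdr_size
        while pos + sig_size <= off + list_size:
            owner = uuid.UUID(bytes_le=bytes(data[pos:pos + 16]))
            yield sig_type, owner, bytes(data[pos + 16:pos + sig_size])
            pos += sig_size
        off += list_size

def audit_moklist(efivar_bytes, expected_fingerprints):
    """Report every X.509 MOK entry; efivarfs prefixes variable data with 4 attribute bytes."""
    findings = []
    for sig_type, owner, blob in parse_signature_lists(efivar_bytes[4:]):
        if sig_type != EFI_CERT_X509_GUID:
            continue  # hash entries are not signing keys
        fp = hashlib.sha256(blob).hexdigest()  # fingerprint of the DER certificate
        findings.append({"owner": str(owner), "sha256": fp, "expected": fp in expected_fingerprints})
    return findings

# Constructed sample standing in for MokListRT; plain byte strings take the place of DER certs.
OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")
ADMIN_CERT = b"CONSTRUCTED-DER-ADMIN-ENROLLED-CERT"
ROGUE_CERT = b"CONSTRUCTED-DER-SILENTLY-ENROLLED-CERT"
SAMPLE_EFIVAR = (struct.pack("<I", 6)  # attributes: BS | RT
                 + build_signature_list(EFI_CERT_X509_GUID, OWNER, ADMIN_CERT)
                 + build_signature_list(EFI_CERT_X509_GUID, OWNER, ROGUE_CERT))
KNOWN_GOOD = {hashlib.sha256(ADMIN_CERT).hexdigest()}  # what the administrator actually enrolled
# On a real host: audit_moklist(open(MOKLIST_RT_PATH, "rb").read(), KNOWN_GOOD) with your own allowlist.
```

Run against the real variable, any X.509 entry absent from your enrollment records deserves a closer look. A clean list is a necessary check rather than proof, since a compromised boot chain can present a clean mirror.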

Machines vulnerable to this exploit include some models sold by Acer, HP, Fujitsu and Lenovo when shipped with a UEFI developed by manufacturer Insyde and running Linux. Evidence found in the exploit code indicates that the exploit may have been tailored to specific hardware configurations of such machines. Insyde released a patch earlier this year that prevents the exploit from working. Unpatched devices remain vulnerable. Devices from these manufacturers that use non-Insyde UEFIs are not affected.