Git-Mirrors/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-12-16 16:24:24 -05:00
Code Issues Projects Releases Packages Wiki Activity
privacyguides.org/blog/posts/secure-boot.md
fria e33ec618ed
grammar
2025-10-24 06:17:29 -05:00

2.5 KiB
Raw Blame History

date categories authors tags preview
created
2025-05-19T20:15:00Z
Explainers
fria
Secure Boot
Measured Boot
Verified Boot
cover

Secure Boot Explained

More and more devices are internet-enabled these days, which means the possiblity of malware. A lot of focus goes into securing the software running on our devices, but even if our operating systems are secure, if the lower level firmware that controls our hardware is compromised it's essentially all for naught.

What is Firmware?

In order for your hardware to function, it oftentimes needs small programs embedded directly into it, called firmware.

Firmware provides low-level control for your hardware and allows the operating system to control it. The name comes from the fact that it's in between hardware and software; it's not executing CPU instructions, but it's a running program nonetheless.

Almost every chip in every device you own runs firmware, from the Wi-Fi chip to the CPU to the GPU and even the motherboard itself. Most of these devices store their firmware in non-volatile memory that can be flashed, or rewritten with new data. A lot of the time, it can be flashed from the operating system, without needing any special equipment.

This is desirable since older firmware can have vulnerabilities that need to be patched, which is especially important for connected devices that could be remotely exploited. Being able to easily patch firmware vulnerabilities through normal OS updates is essential for security on modern hardware that's so complex and feature-rich.

However, it introduces a problem: if you can flash new firmware, an attacker can do the same.

Malware Persistence

That makes any device, from your SSD to your graphics card to your sound card, a potential vector for infection. And once the firmware is infected, it will stay that way: remember, it's installed on the hardware itself, so it can survive a full OS wipe and reinstall.

This isn't just theoretical: sophisticated malware has infected the firmware of devices like hard drives to hide from detection and persist between reboots and OS reinstalls.

If you think about the sheer number of devices in your computer, most made by different companies, the attack surface is huge.

UEFI

In order to facilitate