← Back to Idea Tracker

Category: Cybersecurity

IDEAS: 1
SOURCES: 2
UPDATED: 2026.01.07
Browse other categories:
Agriculture Astronomy Biology + Beyond Biosecurity Cities Cities & Urbanism Consumer Protection Crime & Policing Culture & Media Cybersecurity DEI & Merit Demography Economy & Markets Education Elections & Voting Environment & Energy Europe Free Speech & Censorship Genetics Geopolitics Geoscience Health Care History Housing & Urbanism Immigration Industry & Manufacturing Infrastructure & Energy Infrastructure & Governance Infrastructure & Urbanism Institutions & Governance Labor & Work Law & Courts Media & AI Media & Culture Neuroscience Other Paleontology Policy & Governance Politics Politics & Elections Politics & Geopolitics Politics & Governance Politics & Institutions Politics & Law Politics & Philosophy Politics & Political Psychology Politics & Public Discourse Politics & current affairs Privacy Privacy & Surveillance Psychology Public Health Public Policy Public Safety Science & Replication Security Security & Cyber Security & Defense Social Science Space Space & Astrophysics Space & Exploration States & Cities Tech & AI Transport War Work & Markets Zoology
Signed tools can nullify Secure Boot
21D ago 2 sources
Eclypsium found that Framework laptops shipped a legitimately signed UEFI shell with a 'memory modify' command that lets attackers zero out a key pointer (gSecurity2) and disable signature checks. Because the shell is trusted, this breaks Secure Boot’s chain of trust and enables persistent bootkits like BlackLotus. — It shows how manufacturer‑approved firmware utilities can silently undermine platform security, raising policy questions about OEM QA, revocation (DBX) distribution, and supply‑chain assurance.
Sources: Secure Boot Bypass Risk Threatens Nearly 200,000 Linux Framework Laptops, Logitech Caused Its Mice To Freak Out By Not Renewing a Certificate