Eclypsium found that Framework laptops shipped a legitimately signed UEFI shell with a 'memory modify' command that lets attackers zero out a key pointer (gSecurity2) and disable signature checks. Because the shell is trusted, this breaks Secure Boot’s chain of trust and enables persistent bootkits like BlackLotus.
It shows how manufacturer-approved firmware utilities can silently undermine platform security, raising policy questions about OEM QA, revocation (DBX) distribution, and supply-chain assurance.
BeauHD
2025.10.15
Framework shipped a signed UEFI shell exposing the 'mm' command, which can overwrite gSecurity2, as reported by Eclypsium and BleepingComputer; roughly 200,000 devices are affected, with patches and DBX updates pending.