Clevo Devices Boot Guard Private Key Exposed Via Firmware Update Packages
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
С сайта: Vulnerability(cybersecuritynews.com)
Researchers have discovered a major security vulnerability affecting multiple gaming laptop models using Clevo hardware.
Boot Guard private keys were found exposed within firmware update packages, potentially allowing attackers to bypass critical security protections in affected devices.
Researchers at Binary Research have uncovered that private cryptographic keys used in Intel’s Boot Guard security technology were inadvertently exposed in firmware update packages for Clevo-based devices.
The discovery initially reported on the Win-Raid forum in late February 2025, represents a significant security breach that could allow attackers to bypass firmware validation mechanisms and potentially install malicious code at the UEFI firmware level.
Boot Guard private keys used in Clevo devices
Two private keys were embedded within the BootGuardKey.exe binary found in Clevo firmware packages, with copies also stored in files named “CreateDeleteBIOSKey.keyprivkey.pem” and “CreateDeleteBIOSKey.privkey.pem”.
Technical analysis verified these keys match the modules stored in the Boot Guard Key Manifest (KM) and Boot Policy Manifest (BPM) used in Clevo firmware images.
BootGuard Key Manifest embedded in a Clevo firmware image
“This means that these keys can be used to sign a malicious firmware image that will pass validation at runtime, effectively bypassing Boot Guard,” researchers said.
Widespread Impact on Gaming Laptops
Binarly’s investigation revealed the extent of the vulnerability across the ecosystem. Using their Transparency Platform, researchers identified 15 firmware images containing the exposed keys, affecting 10 unique devices from manufacturers including Gigabyte and XPG.
The vulnerability is particularly concerning as it affects recently released devices, including the Gigabyte G6X 9KG which was released in early 2025. Security researchers note that other gaming-focused vendors using Clevo hardware might also be affected.
Security Implications
Boot Guard is an Intel technology designed to protect systems against firmware-level attacks by cryptographically verifying firmware integrity during the boot process.
When private keys are compromised, malicious actors could theoretically craft unauthorized firmware that would still pass security checks.
Similar incidents have occurred previously, as when the HardenedLinux team demonstrated how Boot Guard keys leaked during the MSI data breach could be exploited to bypass security measures on MSI devices.
Binarly reported their findings to CERT/CC on February 28, 2025, as vulnerability BRLY-2025-002, but according to researchers, “the case was closed a few days later without much explanation.”
This incident highlights ongoing challenges in firmware supply chain security.
As the UEFI ecosystem becomes increasingly complex, with original design manufacturers (ODMs) like Clevo supplying hardware to multiple vendors, a single security lapse can have far-reaching consequences.
Security experts recommend that affected manufacturers issue firmware updates that use newly generated cryptographic keys, though this process is complex and requires coordination with Intel and affected system vendors.
Users of affected devices should apply any security updates provided by manufacturers promptly, though the fundamental vulnerability may persist until hardware replacement occurs in some cases.
#Cyber_Security #Cyber_Security_News #Vulnerability
Оригинальная версия на сайте:
Clevo Devices Boot Guard Private Key Exposed Via Firmware Update Packages
Author: KaaviyaResearchers have discovered a major security vulnerability affecting multiple gaming laptop models using Clevo hardware.
Boot Guard private keys were found exposed within firmware update packages, potentially allowing attackers to bypass critical security protections in affected devices.
Researchers at Binary Research have uncovered that private cryptographic keys used in Intel’s Boot Guard security technology were inadvertently exposed in firmware update packages for Clevo-based devices.
The discovery initially reported on the Win-Raid forum in late February 2025, represents a significant security breach that could allow attackers to bypass firmware validation mechanisms and potentially install malicious code at the UEFI firmware level.
Boot Guard private keys used in Clevo devicesTwo private keys were embedded within the BootGuardKey.exe binary found in Clevo firmware packages, with copies also stored in files named “CreateDeleteBIOSKey.keyprivkey.pem” and “CreateDeleteBIOSKey.privkey.pem”.
Technical analysis verified these keys match the modules stored in the Boot Guard Key Manifest (KM) and Boot Policy Manifest (BPM) used in Clevo firmware images.
BootGuard Key Manifest embedded in a Clevo firmware image“This means that these keys can be used to sign a malicious firmware image that will pass validation at runtime, effectively bypassing Boot Guard,” researchers said.
Widespread Impact on Gaming Laptops
Binarly’s investigation revealed the extent of the vulnerability across the ecosystem. Using their Transparency Platform, researchers identified 15 firmware images containing the exposed keys, affecting 10 unique devices from manufacturers including Gigabyte and XPG.
The vulnerability is particularly concerning as it affects recently released devices, including the Gigabyte G6X 9KG which was released in early 2025. Security researchers note that other gaming-focused vendors using Clevo hardware might also be affected.
Security Implications
Boot Guard is an Intel technology designed to protect systems against firmware-level attacks by cryptographically verifying firmware integrity during the boot process.
When private keys are compromised, malicious actors could theoretically craft unauthorized firmware that would still pass security checks.
Similar incidents have occurred previously, as when the HardenedLinux team demonstrated how Boot Guard keys leaked during the MSI data breach could be exploited to bypass security measures on MSI devices.
Binarly reported their findings to CERT/CC on February 28, 2025, as vulnerability BRLY-2025-002, but according to researchers, “the case was closed a few days later without much explanation.”
This incident highlights ongoing challenges in firmware supply chain security.
As the UEFI ecosystem becomes increasingly complex, with original design manufacturers (ODMs) like Clevo supplying hardware to multiple vendors, a single security lapse can have far-reaching consequences.
Security experts recommend that affected manufacturers issue firmware updates that use newly generated cryptographic keys, though this process is complex and requires coordination with Intel and affected system vendors.
Users of affected devices should apply any security updates provided by manufacturers promptly, though the fundamental vulnerability may persist until hardware replacement occurs in some cases.
#Cyber_Security #Cyber_Security_News #Vulnerability
Оригинальная версия на сайте:
