ESET researchers discovered 11 vulnerable UEFI shim bootloaders signed by Microsoft that allow attackers to bypass UEFI Secure Boot by exploiting decade-old vulnerabilities.
UEFI is the first step in your computer booting, turning on.
So, if Secure Boot is supposed to be a ‘lock’, that limits who can access the UEFI … but it turns out that there are many, old, UEFI - Shims, that defeat that ‘lock’… then Secure Boot is not a good ‘lock’.
I don’t mean to be rude but it seems like there might be a bit of language confusion going on here… In English, a ‘shim’ is a kind of crude/simple tool that can be used to break or bypass some actual physical locks.
So ‘UEFI-Shim’ basically means ‘a thing that breaks into your UEFI’.
I don’t think there’s a language barrier here. I’m fluent in English, and I know what a shim is, both IRL and in the software world. I’ve just not run into it in a boot loader context before. And I’m not really knowledgeable when it comes to secure boot, either. Just trying to understand. 🙂
Are you sure that’s a good phrasing though, “that breaks into your UEFI”?
A shim is usually something that you use to add or modify functionality by interception, right? Like a middle-ware, almost. So these old shims, are they responsible for functionality that directly has to do with Secure Boot, or something else?
If so, they are broken — i.e. not fulfilling their purpose.
If something else, they are not broken. They are just breaking something else, or making it vulnerable.
Am I making sense? Does it not make sense? Because after all, I don’t know much about the details of the subject matter. 😁
I think that Victor may not have English as his primary/first language, I am trying to use a simple comparison that is more likely to convey the general, fundamental concepts.
Secure boot is supposed to be a lock.
Turns out there are 10 year old tricks that bypass that lock.
A lock that cannot deny access to people without proper key… is a bad lock.
Yes.
Is UEFI shim = secure boot?
No.
Secure Boot is basically a ‘lock’, on the UEFI.
UEFI - Shim is basically a ‘lockpick’.
UEFI is the first step in your computer booting, turning on.
So, if Secure Boot is supposed to be a ‘lock’, that limits who can access the UEFI … but it turns out that there are many, old, UEFI - Shims, that defeat that ‘lock’… then Secure Boot is not a good ‘lock’.
I don’t mean to be rude but it seems like there might be a bit of language confusion going on here… In English, a ‘shim’ is a kind of crude/simple tool that can be used to break or bypass some actual physical locks.
So ‘UEFI-Shim’ basically means ‘a thing that breaks into your UEFI’.
I don’t think there’s a language barrier here. I’m fluent in English, and I know what a shim is, both IRL and in the software world. I’ve just not run into it in a boot loader context before. And I’m not really knowledgeable when it comes to secure boot, either. Just trying to understand. 🙂
Are you sure that’s a good phrasing though, “that breaks into your UEFI”?
A shim is usually something that you use to add or modify functionality by interception, right? Like a middle-ware, almost. So these old shims, are they responsible for functionality that directly has to do with Secure Boot, or something else?
If so, they are broken — i.e. not fulfilling their purpose.
If something else, they are not broken. They are just breaking something else, or making it vulnerable.
Am I making sense? Does it not make sense? Because after all, I don’t know much about the details of the subject matter. 😁
There’s like dozens of ways to open a lock without the proper key, it’s probably not the best comparison…
I think that Victor may not have English as his primary/first language, I am trying to use a simple comparison that is more likely to convey the general, fundamental concepts.