A critical security flaw dubbed ‘PKfail’ has exposed vulnerabilities in the Secure Boot process across hundreds of device models, uncovering a major weaknesses in the firmware supply chain. The flaw stems from the misuse of test Platform Keys (PK) in production devices, potentially allowing attackers to bypass Secure Boot protections.
Secure Boot, a cornerstone of platform security, relies on cryptographic keys to verify the integrity of boot processes. However, researchers revealed that many manufacturers are using untrusted keys provided by Independent BIOS Vendors (IBVs) instead of generating their own secure keys.
Scope and Impact of PKfail
The Binarly REsearch Team analysis of firmware images from major device vendors revealed alarming statistics. They discovered that over 10% of firmware images in their dataset use untrusted Platform Keys, and nearly 900 device models are affected with the vulnerability, which has existed in devices for 12 years, starting from May 2012 to June 2024.
They implications of the vulnerability can be severe, as attackers who gain access to compromised private keys could potentially bypass Secure Boot, allowing them to run malicious code during the boot process. This vulnerability affects both x86 and ARM devices, making it a cross-silicon issue.
In 2023, the research team had discovered a significant supply chain security incident when leaked private keys from Intel Boot Guard distributed by Intel in their reference code were used in production. The team also found that the private key from American Megatrends International (AMI) related to the Secure Boot “master key,” called Platform Key (PK), was publicly exposed in a data leak.
The devices corresponding to this key are still deployed in the field, and the key is also being used in recently released enterprise devices. This vulnerability allows attackers to bypass Secure Boot and run malicious code during the boot process, compromising the entire security chain from firmware to the operating system.
Mitigating Threat and Addressing Supply Chain
The PKfail issue highlights multiple security problems related to device supply chain security, including poor cryptographic materials management, the use of non-production cryptographic keys, and the lack of rotation of platform security cryptographic keys per product line.
To mitigate these risks, device vendors must implement stronger cryptographic practices, including secure key generation and management. Users should stay vigilant for firmware updates and apply security patches promptly. The researchers have provided a free website API to check if devices are affected by PKfail.