HybridPetya: More proof that Secure Boot bypasses are not just an urban legend

https://www.theregister.com/2025/09/12/hopefully_just_a_poc_hybridpetya/


4 Comments

[deleted]

Deleted by moderator


The manufacturer puts a key on the chip in your computer. Currently controlled by Microsoft. The software you boot is checked against these keys and if they don't check out, it will refuse to boot. In theory this means you can't modify the software that is booting. Only Microsoft can sign approved code. This includes malware sneakily loading together with the operating system, embedding itself on a low level, with all permissions.

I think it's important to add some nuance to what you said. While it's true that computers ship with Microsoft keys, one can remove them and install their own. I run all my machines with self-signed bootloaders/kernels and it works great!



