A recent investigation by Binarly has confirmed that several Clevo-based devices can no longer rely on Intel Boot Guard, because the private keys that anchor its verification have leaked.
The issue was first reported on the Win-Raid forum: Clevo firmware update packages were found to contain the private keys for the Boot Guard Key Manifest (KM) and Boot Policy Manifest (BPM).
Intel Boot Guard is a hardware-rooted verified-boot technology. The hash of the OEM's root key is fused into the platform at manufacturing; that key signs the KM, the KM authorizes the BPM signing key, and the BPM carries the hashes of the Initial Boot Block (IBB). Firmware whose IBB does not match a properly signed BPM is not allowed to execute.
If the KM and BPM private keys leak, an attacker can sign new manifests for arbitrary firmware and the platform will accept it as authentic. Because the root key hash lives in one-time-programmable fuses, devices already in the field cannot be rotated to a new key by a firmware update.
The Binarly Research team, known for their work in uncovering UEFI ecosystem vulnerabilities, was alerted to the issue after a post on the Win-Raid forum detailed the discovery of Boot Guard key manifests in firmware updates for Clevo devices.
Upon investigation, the team confirmed that two private keys were embedded within the BootGuardKey.exe binary and as standalone files in the update package.
These keys matched the KM and BPM used in a Clevo firmware image, so anyone who obtained the update package could sign firmware that affected devices would accept as genuine.
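The following is an added illustration of the chain of trust described above and of why leaked manifest keys break it; it is not Binarly's tooling and does not use Intel's real manifest formats. To run offline with only the standard library it uses Lamport one-time signatures over SHA-256 in place of the RSA/ECDSA signatures real Boot Guard manifests carry; the structure of the checks (fuses, then KM, then BPM, then IBB) is the point, and all sample IBB contents are constructed.

```python
"""Toy model of Intel Boot Guard's fuses -> KM -> BPM -> IBB chain of trust.

Added example, not code from the original article or from Binarly. Signatures are
Lamport one-time signatures (hash-based, stdlib only); real manifests use RSA/ECDSA.
"""
import hashlib
import os
from dataclasses import dataclass


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Lamport OTS: 256 pairs of random secrets; the public key is their hashes."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(H(a), H(b)) for a, b in sk]
    return sk, pk


def _bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]


def sign(sk, msg: bytes) -> bytes:
    """Reveal one secret per message-hash bit (a one-time key; see note in demo())."""
    return b"".join(sk[i][bit] for i, bit in enumerate(_bits(H(msg))))


def verify(pk, msg: bytes, sig: bytes) -> bool:
    if len(sig) != 256 * 32:
        return False
    for i, bit in enumerate(_bits(H(msg))):
        if H(sig[32 * i:32 * i + 32]) != pk[i][bit]:
            return False
    return True


def pk_bytes(pk) -> bytes:
    return b"".join(a + b for a, b in pk)


@dataclass
class Manifest:
    pubkey: list   # public key this manifest is signed with
    body: bytes    # the hash this manifest vouches for
    sig: bytes


def make_km(root_sk, root_pk, bpm_pk) -> Manifest:
    body = H(pk_bytes(bpm_pk))          # KM binds the BPM signing key
    return Manifest(root_pk, body, sign(root_sk, body))


def make_bpm(bpm_sk, bpm_pk, ibb: bytes) -> Manifest:
    body = H(ibb)                       # BPM binds the Initial Boot Block
    return Manifest(bpm_pk, body, sign(bpm_sk, body))


def boot_guard_verify(fused_root_hash: bytes, km: Manifest, bpm: Manifest, ibb: bytes) -> bool:
    """The checks the boot ROM / ACM performs before letting the IBB run."""
    if H(pk_bytes(km.pubkey)) != fused_root_hash:   # root key hash burned into fuses
        return False
    if not verify(km.pubkey, km.body, km.sig):     # KM signed by the root key
        return False
    if km.body != H(pk_bytes(bpm.pubkey)):         # KM authorizes this BPM key
        return False
    if not verify(bpm.pubkey, bpm.body, bpm.sig):  # BPM signed by the authorized key
        return False
    return bpm.body == H(ibb)                      # BPM matches the code about to run


def demo() -> dict:
    root_sk, root_pk = keygen()                    # OEM root (KM signing) key
    bpm_sk, bpm_pk = keygen()                      # OEM BPM signing key
    fused = H(pk_bytes(root_pk))                   # fixed for the life of the device
    genuine_ibb = b"constructed sample IBB: genuine OEM early-boot code"
    km = make_km(root_sk, root_pk, bpm_pk)
    bpm = make_bpm(bpm_sk, bpm_pk, genuine_ibb)

    implant_ibb = b"constructed sample IBB: attacker early-boot code"
    # Attacker holds the leaked KM (root) private key: mints an own BPM key, re-signs the KM
    # to authorize it, and signs a BPM over the implant. (Reusing a Lamport key for a second
    # message weakens only this toy key, not the chain logic being modelled.)
    atk_bpm_sk, atk_bpm_pk = keygen()
    forged_km = make_km(root_sk, root_pk, atk_bpm_pk)
    forged_bpm = make_bpm(atk_bpm_sk, atk_bpm_pk, implant_ibb)

    return {
        "genuine": boot_guard_verify(fused, km, bpm, genuine_ibb),
        "tampered_original_manifests": boot_guard_verify(fused, km, bpm, implant_ibb),
        "tampered_resigned_with_leaked_keys": boot_guard_verify(fused, forged_km, forged_bpm, implant_ibb),
    }


if __name__ == "__main__":
    for scenario, booted in demo().items():
        print(f"{scenario}: {'boots' if booted else 'blocked'}")
```

The third scenario is the one that matters for affected devices: nothing in `boot_guard_verify` can distinguish the attacker's manifests from the OEM's, and since `fused` cannot be reprogrammed, no firmware update changes that outcome.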
To understand the extent of the exposure, Binarly added the leaked keys to its Transparency Platform and ran an ecosystem-wide scan for firmware images whose manifests are signed with them.
The scan found 15 firmware images across 10 unique devices that depend on the compromised keys, including recently released models such as the Gigabyte G6X 9KG from 2025.
While the leak does not appear to affect firmware from other major vendors, its reach is significant because Clevo acts as an original design manufacturer (ODM) whose designs are sold under several brands.
The following devices have firmware images containing the leaked keys:
Binarly reported the issue to CERT/CC on February 28, 2025, but the case was closed shortly afterwards without a detailed explanation.
The leak highlights the interconnected risks within the UEFI ecosystem, where the compromise of a single signing key can affect many devices sold under different brand names.
Recommendations
The leak of Boot Guard private keys in Clevo firmware updates presents a significant security risk and underscores the need for robust key handling across the entire UEFI ecosystem: signing keys belong in controlled signing infrastructure, never in distributable update packages. Owners of Clevo-based or Clevo-derived systems should check with their vendor whether their model's firmware relies on the leaked keys, since the fused root key on an affected device cannot be replaced by a firmware update.