Thursday, May 8, 2025
HomeCVE/vulnerabilityPKfail, Critical Firmware Supply-Chain Issue Let Attackers Bypass Secure Boot

PKfail, Critical Firmware Supply-Chain Issue Let Attackers Bypass Secure Boot

Published on

SIEM as a Service

Follow Us on Google News

Hackers often attack secure boot during the boot process to execute unauthorized code, which gives them the ability to bypass a system’s security measures.

By compromising Secure Boot, they can install rootkits and malware at a low level, gaining persistent control over the system and evading traditional security defenses.

The Binarly Research Team discovered a significant supply chain security issue, code-named “PKfail,” in 2023. It involved leaked private keys of Secure Boot’s Platform Key (PK) from AMI AMI. 

- Advertisement - Google News

PKfail is a failure of the firmware supply chain that affects more than 10% of UEFI ecosystem devices.

It comes from using untrusted Platform Keys (PK) generated by Independent BIOS Vendors and shared across different manufacturers.

Join our free webinar to learn about combating slow DDoS attacks, a major threat today.

PKfail Firmware Supply-Chain Issue

This occurrence affected many vendors of devices, such as manufacturers of enterprise products based in the United States, and exposed weak cryptographic practices plus non-production keys used on production firmware.

This problem affects various product lines and manufacturers, just as it did with a previous Intel Boot Guard key leak.

In response to this, Binarly developed PK.fail, a free scanning tool to identify vulnerable devices and malicious payloads. They also worked with CERT/CC on responsible disclosure and mitigation strategies.

PKfail vulnerability was detected in certain Dell products like XPS 8960 Desktop during Binarly’s collaborative disclosure process.

It was found that these devices initialized Secure Boot variables with AMI’s default non-production Platform Key (PK), consequently making them vulnerable to attacks.

To this effect, NVRAM variables were analyzed from live firmware dumps to confirm the exploit. However, Dell had an effective mitigation strategy in some others.

The module DellSecureBootSmm {d54a91f0-4547-4380-8890-17c19937f853} mitigates this by changing AMI’s default values into hard-coded Dell-specific Secure Boot variables within the module’s data section.

This is due to two different approaches used across Dell’s product line, which highlight how difficult it is for the company to ensure security consistency among diverse product lines.

This report emphasizes the critical importance of proper cryptographic key management in firmware security and highlights how vendor-researcher collaboration can help identify and solve complex security problems.

Besides this, Binarly’s scan revealed 22 different untrusted keys, the most frequently occurring of which was American Megatrends International’s test key.

This cross-silicon problem highlights the importance of cryptographic key management in firmware supply chains and advocates for replacing test keys with securely generated ones, perhaps using hardware security modules.

Protect Your Business Emails From Spoofing, Phishing & BEC with AI-Powered Security | Free Demo

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Cisco IOS, XE, and XR Vulnerability Allows Remote Device Reboots

 Cisco has issued an urgent security advisory (cisco-sa-twamp-kV4FHugn) warning of a critical vulnerability in...

OpenCTI: Free Cyber Threat Intelligence Platform for Security Experts

OpenCTI (Open Cyber Threat Intelligence) stands out as a free, open source platform specifically...

LockBit Ransomware Group Breached: Internal Chats and Data Leaked Online

The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber...

Cisco IOS XE Wireless Controllers Vulnerability Lets Attackers Seize Full Control

A critical security flaw has been discovered in Cisco IOS XE Wireless LAN Controllers...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Cisco IOS, XE, and XR Vulnerability Allows Remote Device Reboots

 Cisco has issued an urgent security advisory (cisco-sa-twamp-kV4FHugn) warning of a critical vulnerability in...

OpenCTI: Free Cyber Threat Intelligence Platform for Security Experts

OpenCTI (Open Cyber Threat Intelligence) stands out as a free, open source platform specifically...

LockBit Ransomware Group Breached: Internal Chats and Data Leaked Online

The notorious LockBit ransomware group, once considered one of the world’s most prolific cyber...