It looks like MSI is getting in on the fun, having their UEFI BootGuard keys leaked.
With no easy way to revoke compromised keys, MSI, and its customers, are in a real pickle.
arstechnica.com
What's most remarkable is MSI's response, or lack thereof. While some PC suppliers have a patching procedure that is ramshackle, at the best of times, it appears that MSI has no security process, and therefore has no idea how to deal with this. Intel has also been cagey with a response, having already had issues with their Management Engine firmware a couple years ago. It looks like the keys are burned into hardware, so there's not much MSI can do about this, other than warn users to only download updates directly from their website...the same website that has already been compromised previously. Since it isn't clear how long they've been vulnerable, there's no telling how many products may have been impacted.
With Intel's BootGuard keys being leaked, maybe it's time for PC users to switch to AMD, and hope that their chips don't explode. Both are bad outcomes, either having all of your credentials stollen, or your house burning down.
This also brings up the wider issue with the adoption of UEFI. The more complex the firmware, the more it is open to attack. I wasn't a big fan of UEFI when it was first announced, and assumed it would become a security nightmare. It's essentially an operating system that boots before your operating system.
While no product is 100% secure, this is yet another reason for Apple to move Mac users over to Apple Silicon as quickly as possible. Intel Macs still use UEFI, which has had security issues over the years, while iBoot remains secure. That's not to mention the side-channel attacks with Hyper-threading within Intel's CPUs. On top of that, Apple's T2 chip has its own unfixable vulnerability. Thus far, Apple Silicon looks to be reasonably bullet proof, certainly compared to traditional PC technology.
It's another example of the benefits Apple has when controlling the whole stack. Microsoft didn't get serious about security until Windows XP SP2. OS X had been traditionally more secure, but there was a time when Apple appeared to fall behind, mainly being protected by marketshare. These days, I'd wager that the Mac is far more secure than the average PC, which depends upon the chain of trust of dozens of manufacturers. Plus, Apple can issue an update as soon as it's ready, while herding the PC suppliers is an entirely different proposition.
