Widespread Problems with Secure Boot Flaw “PKfail” More Extensive Than Previously Acknowledged

# PKfail: A Supply Chain Compromise Threatening Secure Boot Across Thousands of Devices

In a major security incident affecting a wide range of computing equipment, a supply chain compromise has weakened Secure Boot defenses across multiple device models, including ATMs, point-of-sale (POS) devices, medical instruments, gaming consoles, and voting machines. The vulnerability, known as **PKfail**, results from the use of non-production test platform keys that were never intended for live deployment. The issue has persisted for over ten years and affects devices from prominent manufacturers such as Acer, Dell, HP, and Lenovo, among others.

## What is Secure Boot?

Secure Boot is a security mechanism designed to ensure that a device boots using only software verified by the Original Equipment Manufacturer (OEM). It is a component of the Unified Extensible Firmware Interface (UEFI) and uses cryptographic keys to confirm the integrity of the firmware and bootloader before the operating system starts. If the software lacks a pre-approved digital signature, Secure Boot prevents it from executing, stopping malicious code from running during the boot sequence.

Secure Boot rests on the **Platform Key (PK)**, a cryptographic key embedded in the system's firmware. This key establishes the root of trust, binding the hardware to the firmware. In principle, this guarantees that only verified software runs on the device.

## The PKfail Dilemma

The PKfail vulnerability arises from the use of **non-production test platform keys** in numerous device models. These keys, frequently labeled with notices like “DO NOT TRUST,” were never intended for production use. Nonetheless, due to a breakdown in supply chain and security management, these test keys made their way into shipping products, undermining the entire Secure Boot mechanism.

The private portion of one of these test keys was even published on GitHub in 2022, making it available to a broad audience. This could facilitate advanced attacks, such as embedding **rootkits** in the UEFI firmware, giving attackers persistent control over a device while circumventing Secure Boot safeguards entirely.
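Because the test keys carry a marker such as “DO NOT TRUST” in the certificate itself, the enrolled Platform Key can be checked directly. The following is an added example, not part of the original article and not Binarly's tool: it walks the standard `EFI_SIGNATURE_LIST` layout of the PK variable and searches each X.509 entry's raw bytes for the marker. It assumes a Linux host with efivarfs mounted; the function names and the sample data are this example's own.

```python
import struct
import uuid

# Standard UEFI values: the X.509 signature-type GUID and the efivarfs path of PK.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
PK_EFIVAR = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
MARKERS = ("DO NOT TRUST",)  # the label quoted in the article


def iter_x509(siglists: bytes):
    """Yield DER certificates from concatenated EFI_SIGNATURE_LIST structures."""
    off = 0
    while off + 28 <= len(siglists):
        sig_type = uuid.UUID(bytes_le=siglists[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", siglists, off + 16)
        if list_size < 28 or sig_size <= 16 or off + list_size > len(siglists):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            if sig_type == EFI_CERT_X509_GUID:
                yield siglists[pos + 16:pos + sig_size]  # skip SignatureOwner GUID
            pos += sig_size
        off = end


def find_test_keys(siglists: bytes):
    """Return one entry per certificate and marker found in the raw DER bytes."""
    hits = []
    for der in iter_x509(siglists):
        upper = der.upper()  # bytes.upper() only touches ASCII letters
        for marker in MARKERS:
            # Name strings may be ASCII/UTF-8 or UTF-16BE (BMPString).
            if marker.encode() in upper or marker.encode("utf-16-be") in upper:
                hits.append(marker)
    return hits


def check_platform_key(path: str = PK_EFIVAR):
    """Read PK from efivarfs; the first 4 bytes are the variable attributes."""
    with open(path, "rb") as f:
        return find_test_keys(f.read()[4:])


def constructed_siglist(cert: bytes) -> bytes:
    """Constructed sample: one X.509 list wrapping placeholder bytes, not a real cert."""
    sig = bytes(16) + cert
    return EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", 28 + len(sig), 0, len(sig)) + sig
```

On a UEFI-booted Linux system, `check_platform_key()` returns a non-empty list when the enrolled PK carries the marker. This is a byte-level match rather than a full X.509 parse, so an empty result only means the marker string is absent.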

## The Extent of the Issue

Initially, researchers from the security firm **Binarly** identified approximately 513 device models using compromised test keys. Deeper analysis showed that the number of affected models is substantially larger: **972 models** at present. The number of models using the specific key published on GitHub has also risen from 215 to **490**. The researchers also identified **four additional test keys**, raising the total number of compromised keys to around 20.

The affected devices span a diverse range of sectors and use cases, including:

- **Medical instruments**
- **Gaming consoles**
- **ATMs**
- **Point-of-sale (POS) devices**
- **Enterprise servers**
- **Voting machines**

The vulnerability spans multiple vendors. Leading device manufacturers such as **Acer, Dell, Gigabyte, HP, Lenovo, Intel, Supermicro, and Fujitsu** are affected. Smaller companies such as **Hardkernel, Beelink, and Minisforum** have also been found to use compromised keys in their products.

## The Supply Chain Challenge

The root of PKfail lies in the complexity of the modern hardware supply chain. Many device manufacturers depend on third-party suppliers for essential components like UEFI firmware. In this case, the test keys originated from **AMI**, one of the principal providers of UEFI software development kits (SDKs). Further findings show that other UEFI providers, including **Insyde** and **Phoenix**, are similarly implicated.

This widespread use of non-production keys underscores a profound failure in supply chain security. As **Fabio Pagani**, a researcher at Binarly, noted, “The complexity of the supply chain is outweighing our capacity to effectively handle the risks tied to third-party suppliers.”

## The Consequences of PKfail

The PKfail vulnerability erodes the assurances offered by Secure Boot, a safeguard mandated for certain government contractors and required in many corporate settings. Secure Boot is also considered a best practice for individuals and organizations facing high-risk threats, such as nation-state adversaries or advanced persistent threats (APTs).

For devices that rely on Secure Boot, PKfail presents a considerable risk. Attackers could exploit the compromised keys to bypass Secure Boot, allowing the installation of malware that persists even after system reboots or operating system reinstalls. This could have severe consequences, particularly in critical systems like ATMs, medical devices, and voting machines.

However, for individuals or organizations that do not use Secure Boot, PKfail does not introduce additional risk beyond the standard threats associated with firmware vulnerabilities.

## Detection and Remediation

In light of the PKfail revelation, Binarly has introduced a **free detection tool** that enables users to ascertain if