According to Binarly Research Team, Secure Boot was compromised in several devices, due to a supply-chain vulnerability called PKfail.
The PKfail vulnerability is based on a test Secure Boot "Master key" or "Platform key" which if compromised, can grant attackers the ability to take over the vulnerable endpoints, and install malware and other dangerous code.
The PK is an integral part of the Unified Extensible Firmware Interface or UEFI Secure Boot process, which ensures that a computer boots only with trusted software by the Original Equipment Manufacturer or OEM.
"This Platform Key, which manages the Secure Boot databases and maintains the chain of trust from firmware to the operating system, is often not replaced by OEMs or device vendors, resulting in devices shipping with untrusted keys," the Binarly Research Team said.
Reportedly, more than 800 products of Acer, Aopen, Dell, Formelife, Fujitsu, Gigabyte, HP, Intel, Lenovo, and Supermicro, used untrust test keys.
"The first firmware vulnerable to PKfail was released back in May 2012, while the latest was released in June 2024. Overall, this makes this supply-chain issue one of the longest-lasting of its kind, spanning over 12 years," the security firm added.
For comments and feedback contact: editorial@rttnews.com
Business News
May 15, 2026 15:25 ET Apart from the confirmation of Kevin Warsh as the next Fed chair, the main news on the economics front this week included key price data from the U.S. and the first quarter economic growth figures from major economies. Both consumer prices and producer costs have started to reflect the effect of supply shocks due to the Middle East conflict. In Europe, GDP data was in focus, while inflation data from China dominated the news flow in Asia.