Showing posts with the label UEFI Update

Exclusive: CISA Sounds the Alarm on UEFI Security

Against the backdrop of the debacle that mitigating the BlackLotus bootkit has become, the Cybersecurity and Infrastructure Security Agency (CISA) is calling for revamped security for Unified Extensible Firmware Interface (UEFI) update mechanisms. In a blog post published by , CISA is urging the computer industry across the board to take a secure-by-design approach to bolster the overall security of UEFI, the firmware responsible for a system's boot-up routine. It comprises several components, including security and platform initializers, drivers, bootloaders, and a power management interface. "Secure-by-design is about having the organizations that design the software take responsibility for the security, and that includes the update pathways," Jonathan Spring, senior technical advisor at CISA, tells Dark Reading in an exclusive interview. UEFI is a popular attack surface because if it's loaded with malicious code, thr