Search Results: SecureBoot

Nearly 200,000 Framework laptops and desktops shipped with a dangerous UEFI shell command that allows attackers to disable Secure Boot protections. The 'mm' memory modification tool—meant for diagnostics—can be exploited to load persistent bootkits like BlackLotus. Framework has released firmware patches for most models, but unpatched systems remain vulnerable to OS-level security bypasses.

A security researcher details their successful attack chain on a Qualcomm QCM2150-based POS terminal with disabled Secure Boot. By creatively repurposing the SBL1 as an EDL loader and patching critical boot stages, they achieved full BootROM-level code execution and persistent root access—all without physical modifications.