DEF CON 30 - Mickey Shkatov, Jesse Michael - One Bootloader to Load Them All

Introduced in 2012, Secure Boot – the OG trust in boot – has become a foundational rock in modern computing and is used by millions of UEFI-enabled computers around the world due to its integration in their BIOS. In this presentation, Jesse and Mickey discuss past and current flaws in valid bootloaders, including some which misuse built-in features to inadvertently bypass Secure Boot. They also discuss how in some cases malicious executables can hide from TPM measurements used by BitLocker and remote attestation mechanisms as well as how to use the custom tools they created to allow for a consistent bypass for secure boot effective against every X86-64 UEFI platform.