Why anyone ever buys anything other than a ThinkPad (if you absolutely must go with Lenovo) I have no idea. Pretty much every other line of laptops they make is infamously bad, and has been for decades.
Lenovo coded a backdoor and then also leaked the master key to that backdoor (the article doesn't make it super clear, but it seems like the leaked UEFI drivers have some special Lenovo sauce that lets them bypass even secure boot???)
None of this is specific to UEFI, and the exploit doesn't abuse any attack surface added by UEFI that wouldn't exist in a mythical alternative.
MB jumpers that set it to a read-only mode should be a damn standard even at the consumer level. It's a real pain in the ass to remove this — it's literally the worst thing that could happen to a board.
7 comments
[ 3.5 ms ] story [ 30.7 ms ] threadhttps://support.lenovo.com/de/en/product_security/len-73440#...
Seems that even though the article has a picture of a thinkpad, no thinkpads are actually affected
None of this is specific to UEFI, and the exploit doesn't abuse any attack surface added by UEFI that wouldn't exist in a mythical alternative.