Advisory ID:
BRLY-2025-002

[BRLY-2025-002] Boot Guard cannot be trusted on multiple Clevo-based devices (the private RSA keys for the Key Manifest and Boot Policy Manifest have been leaked)

March 20, 2025
Severity:
High
CVSS Score
7.6
Public Disclosure Date:
March 20, 2025
CVE ID:

Summary

The BINARLY REsearch team has received information that Clevo firmware update packages are being distributed with private keys for Boot Guard (see https://github.com/binarly-io/SupplyChainAttacks/issues/6). The team checked an internal dataset of firmware images for the use of the leaked keys across different vendors and discovered several affected devices, some of which had received updates only a few months ago.

Vendors Affected

Insyde
Clevo

Affected Products

Gigabyte G5 KF5 2024
Gigabyte G5 ME
Gigabyte G5 MF
Gigabyte G6X 9KG 2024
Gigabyte G7 KF
Notebook System Firmware 1.07.07TRO1
Notebook System Firmware 1.07.09TRO1

Potential Impact

The Boot Guard hardening technology in the firmware of affected devices cannot be trusted because the private RSA key for the Key Manifest and Boot Policy Manifest has been leaked. This means that an attacker with write access to the SPI flash storage (e.g. by physical access or by exploiting a BIOS write protection bypass vulnerability) could install a persistent backdoor/implant.


Information

  • BINARLY internal identifier: BRLY-2025-002
  • CVSS v3.1 Score: 7.6 High (AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

Affected products with confirmed impact by the Binarly team

Firmware/Device name | ODM | IBV | Firmware SHA256 | Firmware version | Release date | Latest version?
--- | --- | --- | --- | --- | --- | ---
XPG Xenia 15G G2303_V1.0.8 | Clevo | Insyde | fa05164f0e184b9d051aac6442e1d6988a383eadd41a1bf99d99de47930d6fc4 | 6.2.8320.0 | 2023-06-14 | True
Gigabyte G5 KE | Clevo | Insyde | 3c4a58510e071f9a0e713b7e483fd5bca304f0f4b7eb831581dfec2a8d20e62e | FB05 | 2023-03-07 | True
Gigabyte G5 KF 2024 | Clevo | Insyde | 095014cb19b13a8a4d075f94efe44fcb73f8d6f683cf5fb379e0976f121806e6 | FD06 | 2024-01-10 | True
Gigabyte G5 KF5 2024 | Clevo | Insyde | e629ec92a8ca755ccb3d89cc8647b15040e913549d678de298e8f14318d17342 | FD07 | 2024-10-17 | False
Gigabyte G5 KF5 2024 | Clevo | Insyde | f59dedcc4a68053227583fca07d77b2edd67c90add4754d580dd6c3f152bfb9d | FD10 | 2024-12-09 | True
Gigabyte G5 ME | Clevo | Insyde | 4b1ff7ae54ce8769b1c99066eeeb6baea9ab226908dffd8123ca15b6f400d76e | FB04 | 2023-06-05 | True
Gigabyte G5 ME | Clevo | Insyde | e1b5d89fc9b9d4c02d528880e8e079baeeaa22442ad8db139901003192f41718 | FB04 | 2023-06-05 | False
Gigabyte G5 MF | Clevo | Insyde | 34f1aeee7d4d88280ee378898b7308bbcfead6cc45fbf425ab878996711443f6 | FB03 | 2023-04-14 | True
Gigabyte G6 KF | Clevo | Insyde | 8799a6a2aa24e6e32b87142f9327af77970fb48292f622fad51c73307b301501 | FB06 | 2023-10-23 | True
Gigabyte G6X 9KG 2024 | Clevo | Insyde | 191c0c4f3e74e574a4f87ecaf88097e1ef3cc67d7ae72fa0daafa7487985b66a | FD07 | 2024-01-19 | False
Gigabyte G6X 9KG 2024 | Clevo | Insyde | 1942bfe125bf9f44bd4d4a53c9143ea1c4573e4a83b0b61947a856e8c210cb7b | FB10 | 2025-02-04 | True
Gigabyte G7 KF | Clevo | Insyde | 93125b461b258ea947bed4e9bb93915d4902a3fd3992793ba40cf5e116cd1126 | FB10 | 2024-02-16 | True
Gigabyte G7 KF | Clevo | Insyde | cb62834b91e0bc701205c5546663fb29780bc5878fab2c538383eeb62ddcab16 | FB09 | 2023-10-18 | False
NoteBook System Firmware 1.07.07TRO1 | Clevo | Insyde | 5f75dca52bc15c5534cafcdeb230e1d3014b8fb4e4f3743e432c8381b9e03fff | 6.2.8319.7 | 2023-09-05 | True
NoteBook System Firmware 1.07.09TRO1 | Clevo | Insyde | a9e5ffed646e11d81117e52771b9a4c1fbea766ec2c41b16b1ae0af35f3d3e80 | 6.2.8319.9 | 2023-11-28 | True


Description

Thierry Laurion created the following issue in the binarly-io/SupplyChainAttacks repository: https://github.com/binarly-io/SupplyChainAttacks/issues/6. He referred to a discovery published on the Win-Raid forum about Boot Guard private keys being leaked in Clevo firmware update packages.

The Binarly REsearch team has confirmed that the BootGuardKey.exe binary from the update packages contains private keys for the Key Manifest and Boot Policy Manifest.

Below are the RSA moduli of the leaked private keys for the KM and BPM, as well as the UEFITool log for an affected firmware image:

# RSA moduli extracted from the leaked private keys. openssl prints the modulus
# big-endian; fold/tac reverse its byte order so it can be compared directly with
# the little-endian layout in which the manifests store the key (as dumped by UEFITool):
$ openssl rsa -in km.pem -noout -modulus | cut -d'=' -f2 | fold -w2 | tac | tr -d '\n'
[KM modulus hex omitted]
$ openssl rsa -in bpm.pem -noout -modulus | cut -d'=' -f2 | fold -w2 | tac | tr -d '\n'
[BPM modulus hex omitted]
# RSA public keys used for the Boot Guard verification chain in the affected image:
$ UEFITool V15xRNX.BIN
Intel BootGuard Key manifest found at base 11E1DB0h
...
Key Manifest Public Key Exponent: 10001h
Key Manifest Public Key: [modulus hex omitted]...
Intel BootGuard Boot Policy Manifest found at base 11E21B0h
...
Boot Policy Public Key Exponent: 10001h
Boot Policy Public Key: [modulus hex omitted]...

As we can see, the moduli of the leaked private keys match the public key moduli embedded in the KM and BPM structures of the affected firmware.
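The same comparison, automated so that a defender can check a UEFITool dump of any image against a list of known-leaked moduli. This is an added example, not Binarly's tooling; the moduli and the dump below are constructed sample values (the real leaked keys are not reproduced here), and the parser assumes UEFITool prints each manifest key's hex on one line, as in the dump above.

```python
import re

# Constructed sample moduli for this example (NOT the real leaked Clevo keys;
# real RSA-2048 moduli are 512 hex digits). Big-endian, exactly as
# `openssl rsa -noout -modulus` prints them.
LEAKED_MODULI_BE = {
    "km.pem":  "c0ffee00d15ea5e5deadbeef0badf00d",
    "bpm.pem": "0123456789abcdeffedcba9876543210",
}

# Constructed UEFITool-style dump. The manifests store the modulus little-endian,
# so each key below is the byte-reversed form of the matching value above.
SAMPLE_LOG = """\
Intel BootGuard Key manifest found at base 11E1DB0h
Key Manifest Public Key Exponent: 10001h
Key Manifest Public Key: 0df0ad0befbeaddee5a55ed100eeffc0
Intel BootGuard Boot Policy Manifest found at base 11E21B0h
Boot Policy Public Key Exponent: 10001h
Boot Policy Public Key: 1032547698badcfeefcdab8967452301
"""

KEY_LINE = re.compile(r"^(Key Manifest|Boot Policy) Public Key:\s*([0-9A-Fa-f]+)", re.M)


def openssl_modulus_to_manifest_order(modulus_hex):
    # Same transform as the advisory's `fold -w2 | tac | tr -d '\n'` pipeline:
    # reverse the byte order of the big-endian modulus openssl prints.
    h = modulus_hex.strip().lower()
    if len(h) % 2:
        h = "0" + h
    return bytes.fromhex(h)[::-1].hex()


def manifest_public_keys(uefitool_log):
    # Map "Key Manifest" / "Boot Policy" to the modulus hex as dumped (little-endian).
    return {m.group(1): m.group(2).lower() for m in KEY_LINE.finditer(uefitool_log)}


def leaked_keys_in_firmware(uefitool_log, leaked_moduli_be):
    # Return {manifest name: leaked key name} for every manifest whose public key
    # modulus equals the modulus of a known-leaked private key.
    by_manifest_order = {openssl_modulus_to_manifest_order(m): name
                         for name, m in leaked_moduli_be.items()}
    found = manifest_public_keys(uefitool_log)
    return {mf: by_manifest_order[k] for mf, k in found.items() if k in by_manifest_order}


if __name__ == "__main__":
    for manifest, key in leaked_keys_in_firmware(SAMPLE_LOG, LEAKED_MODULI_BE).items():
        print(f"{manifest} is signed with leaked key {key}: Boot Guard cannot be trusted")
```

An image whose KM or BPM key appears in the result is signed with a key an attacker also holds, so its Boot Guard verification provides no assurance.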
