1. Insecure Default Secure Boot Policy for Option ROMs

Description:
In order to help prevent vulnerabilities in secure boot implementations, the default policy for Option ROMs was changed to a more secure value.
Recommendation:
This issue is addressed by EDK2 SVN https://sourceforge.net/p/edk2/code/14607​
Acknowledgments:
Reported by the Advanced Threat Research team at Intel Security.

Security Advisory

2. Incorrect PKCS#1v1.5 Padding Verification for RSA Signature Check

Last modified 2yr ago