No, in theory this is any root access to Secure Boot bypass with no user interaction, using a process like:
- Use efibootmgr as root to set the first boot option to "EFI Shell"
- Put startup.nsh with malicious code at the root of the ESP
- Startup.nsh starts OS patched with malware
I have written no PoC tho, so it is only a theoretical attack, but I think it is definitely possible.
No, in theory this is any root access to Secure Boot bypass with no user interaction, using a process like:
- Use efibootmgr as root to set the first boot option to "EFI Shell"
- Put startup.nsh with malicious code at the root of the ESP
- Startup.nsh starts OS patched with malware
I have written no PoC tho, so it is only a theoretical attack, but I think it is definitely possible.