
Attackers could gain the highest possible privilege – boot-level access – to hundreds of PC system models from Gigabyte, Dell, Lenovo, Supermicro, Acer, and others. The vendors did not bother to change the test master keys provided by the UEFI developer, labeled “DO NOT TRUST,” according to a report by security firm Binarly.
Even devices released in 2024, such as Dell Alienware laptops, Gigabyte GPU servers, or Acer desktop PCs, are included in the list of devices affected by the Secure Boot compromise. It often affects enterprise-grade or high-end equipment.
Secure Boot, which protects the computer during startup before the operating system loads, is considered “a holy grail of platform security.” It ensures that only trusted code can run when the device boots. A cryptographic key is used to verify the authenticity of the software.
This master key should be secret, unique, and only known to the vendor. However, a single key, shared on GitHub, was discovered to be “protecting” probably millions of devices worldwide.
The issue spans over 12 years, from 2012 to June 2024, and about 8-10% of firmware images in the Binarly dataset allegedly use untrusted keys. According to the company, the full list of affected devices already contains almost 900 models.
“The problem arises from the Secure Boot “master key,” known as the Platform Key (PK) in UEFI terminology,” the report reads. “The Binarly research team discovered that hundreds of products use a test Platform Key generated by American Megatrends International (AMI).”
This single key was shared among many vendors with the expectation that it wouldn’t be reused or trusted. The provided code included clear warnings, such as the strings “DO NOT TRUST” or “DO NOT SHIP.“
The same keys with the same labels are now being discovered within the firmware of numerous devices.

Researchers didn’t have to look far to obtain the key – they found it on GitHub, where the firmware developer probably leaked a private component of the Platform Key.
“The private key was stored in an encrypted file, which was “protected” by a weak 4-character-long password and thus easily guessable with any password-cracking tool,” the researchers noted.
They dubbed this firmware supply-chain issue PKFail. An attacker with access to the platform key can bypass Secure Boot and load malicious code that appears to be legitimately signed.
This could grant the attacker the highest possible privileges on the system, even exceeding those of the Windows kernel, since UEFI loads before the OS. Theoretically, the malware could run on boot before the operating system starts, and researchers have demonstrated a proof of concept.
“Exploiting PKfail allows attackers to run untrusted code during the boot process, even with Secure Boot enabled. This compromises the entire security chain, from firmware to the operating system,” the report reads.
There are no quick fixes either. Many older devices are no longer supported, and users may need to install new firmware updates on the newer devices when available. Updating UEFI (aka BIOS) sometimes requires technical knowledge.

“Users should stay informed about firmware updates from their device vendors and apply any security patches that address PKfail vulnerabilities.”
Binarly provided an online tool to check whether the firmware is affected by PKfail.
Devices affected by PKfail will have the Platform Key certificate's subject and issuer fields containing the string DO NOT TRUST or DO NOT SHIP.
Your email address will not be published. Required fields are markedmarked