Home
Platform
Capabilities
Packages
Customers
REsearch
Advisories
All REsearch
PKfail
Lighttpd
XZ Backdoor
LogoFAIL
Learn
Learn
Product Blog
Webinars & Videos
Free Detection Tools
Reports
Company
About
News
Press
Free scan
Book a demo
Free scan
Book a demo
PKfail
The Binarly REsearch team discovered a key leak incident from American Megatrends stemming back to 2018. PKfail involves multiple devices and product lines and enables attackers to gain secure boot access similar to BlackLotus.
Check for PKfail Now
Proof of Concept
Read report
Check for PKfail
PKfail Two Months Later: Reflecting on the Impact
September 16, 2024
Fabio Pagani
In this blog, we dive deeper into newly discovered data points gathered from our free detection service pk.fail and major vendor acknowledgements and developments since the initial disclosure of PKfail in July.
July 25, 2024
PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem
The Binarly REsearch team today discloses a key leak incident from American Megatrends stemming back to 2018.
PKfail involves multiple devices and product lines and enables attackers to gain secure boot access similar to BlackLotus.
July 24, 2024
[BRLY-2024-005] Usage of default test keys leads to complete Secure Boot bypass
The Binarly REsearch Team has found that hundreds of devices use an insecure Platform Key (PK) which represents the root of trust for UEFI Secure Boot.
Affected Devices
Get a closer look at Binarly
Our team is available to talk to you about your specific requirements or to give you a full demo
Book A Call