Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

IGEL OS Secure Boot Bypass Vulnerability in the igel-flash-driver Module

Vulnerability

A vulnerability in IGEL OS versions prior to 11 allows for a bypass of Secure Boot. The issue arises because the igel-flash-driver module fails to properly verify cryptographic signatures. This flaw enables the mounting of a crafted root filesystem from an unverified SquashFS image, potentially leading to the execution of malicious code at the kernel level.

Impact

Exploitation of this vulnerability can lead to a bypass of Secure Boot, allowing untrusted operating systems to be booted. This could facilitate the installation of undetectable bootkits or kernel-level rootkits, with various implications such as unauthorized code execution, privilege escalation, denial-of-service, and information leaks.

Reproduction

The vulnerability can be reproduced by booting a machine with IGEL OS 10 using the Microsoft 3rd Party UEFI CA signed Shim. This process involves loading GRUB and the vulnerable kernel, both signed by IGEL Secure Boot Signing CA. Once the system is running, a malicious root filesystem can be mounted from an unverified SquashFS image on disk. The absence of proper signature verification in the igel-flash-driver module allows this exploitation to occur.

Remediation

Users can revoke the certificate used for signing the vulnerable GRUB and kernel images or add the affected kernel hashes to the Secure Boot DBX deny list. Instructions for these actions are available in IGEL Security Notice ISN-2025-22.
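A check for the DBX half of this remediation, as an added example that is not part of the original advisory or of IGEL's notice: it parses a UEFI dbx signature database and reports which required SHA-256 digests are not yet deny-listed. The digests below are constructed placeholders (the real values come from ISN-2025-22), certificate revocations are not covered, and the efivarfs path is the standard Linux location of the dbx variable.

```python
import hashlib
import struct
import uuid

EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
DBX_EFIVAR = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"

def dbx_sha256_entries(blob):
    """Return the SHA-256 digests (hex) held in a chain of EFI_SIGNATURE_LISTs."""
    digests, off = set(), 0
    while off + 28 <= len(blob):
        # List header: SignatureType GUID, then list/header/signature sizes.
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 or sig_size < 16 or off + list_size > len(blob):
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {off}")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:
            # Each EFI_SIGNATURE_DATA is a 16-byte owner GUID plus the data.
            if sig_type == EFI_CERT_SHA256_GUID and sig_size == 48:
                digests.add(blob[pos + 16:pos + 48].hex())
            pos += sig_size
        off = end  # other list types (e.g. X.509) are skipped
    return digests

def read_efivar_dbx(path=DBX_EFIVAR):
    """Read the live dbx on Linux; efivarfs prepends 4 attribute bytes."""
    with open(path, "rb") as f:
        return f.read()[4:]

def missing_from_dbx(blob, required_hex):
    """Digests from required_hex that the dbx blob does not yet contain."""
    present = dbx_sha256_entries(blob)
    return sorted(h.lower() for h in required_hex if h.lower() not in present)

def _constructed_dbx(digests):
    """Build a one-list dbx blob for the offline sample (constructed data)."""
    body = b"".join(uuid.UUID(int=0).bytes_le + d for d in digests)
    header = struct.pack("<III", 28 + len(body), 0, 48)
    return EFI_CERT_SHA256_GUID.bytes_le + header + body

# Constructed placeholders, NOT the hashes from ISN-2025-22.
REVOKED = hashlib.sha256(b"constructed placeholder: deny-listed kernel").digest()
PENDING = hashlib.sha256(b"constructed placeholder: not yet in dbx").digest()
SAMPLE_DBX = _constructed_dbx([REVOKED])

if __name__ == "__main__":
    print(missing_from_dbx(SAMPLE_DBX, [REVOKED.hex(), PENDING.hex()]))
```

On a real endpoint, pass `read_efivar_dbx()` as the blob; an empty result means every listed digest is already in the dbx.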

Added: Sep 1, 2025, 7:22 PM
Updated: Oct 14, 2025, 5:49 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 7.5
exploitability: 5.0
remediation: 0.0
relevance: 0.2
threat: 8.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.