
Persistent Firmware Key Mismanagement Jeopardizes UEFI Boot Integrity


Significant and persistent flaws in the management of cryptographic keys within contemporary UEFI firmware have been revealed by a thorough analysis of recent research presented at RSAC 2025, raising grave concerns about the robustness and integrity of platform security across the technology sector.

UEFI (Unified Extensible Firmware Interface) forms the foundation of early-stage system security, using cryptographic techniques such as Intel Boot Guard and Secure Boot to validate firmware and pre-boot drivers and thereby prevent malicious code from executing before an operating system loads.

However, as revealed through a series of high-profile incidents and technical analyses, persistent mismanagement and supply chain weaknesses in cryptographic key practices continue to erode these protections.

Supply Chains & Cryptographic Gaps Threaten Security

A pivotal discovery was that more than 67% of devices sampled from a global firmware snapshot still contained expired Intel Platform Properties Assessment Module (PPAM) certificates, a trend that has continued since it was first highlighted in 2022.

[Figure: A debug PPAM certificate]

This failure to update crucial certificates directly undermines the intended assurance of code integrity during the sensitive Pre-EFI Initialization phase.

Even more troubling was the presence of debug certificates, traditionally used only in development, appearing in production devices as recently as late 2024.

While the direct security impact of these specific instances may be minimal, they highlight the broader and persistent challenge of managing cryptographic material in a highly fragmented ecosystem.

According to the Binarly report, the dangers of poor key management are magnified in the context of data breaches.

The industry has witnessed a string of large-scale leaks, each exposing sensitive private keys and leaving a swath of devices vulnerable.

The 2022 LC/FC leak, for instance, resulted in the exposure of multiple Boot Guard and Integrated Sensors Hub keys affecting dozens of products from major vendors such as Lenovo, Supermicro, and Intel.

Similarly, the 2023 MSI ransomware compromise revealed an even wider set of private keys, including 27 signing keys and several Boot Guard keys, increasing the attack surface across more than a hundred device models.

Earlier in 2025, a firmware package update for Clevo was found to contain unencrypted Boot Guard keys, subsequently identified as being used in several Gigabyte devices, further illustrating the unchecked propagation of compromised keys across the supply chain.

The persistence and reuse of leaked keys have had real-world impacts, as shown by longitudinal scans documenting spikes in the use of known-compromised Boot Guard keys, especially following major breaches.

While the industry has begun to respond following public disclosures, such as the significant reduction in affected devices after the PKfail Secure Boot Platform Key leak, it remains clear that once private keys are fused into hardware or widely distributed, replacement is both difficult and slow, leaving a window of vulnerability that can last years.

Key Leaks and Expired Certificates Expose Attack

The Secure Boot ecosystem has also come under attack from both implementation flaws and the continued use of test or development keys in production.

In several instances, such as the “DO NOT TRUST – AMI Test PK” scandal, millions of devices were left susceptible to Secure Boot bypass because test keys, including their private components, were present in production images.

Parallel findings in Supermicro’s BMC firmware revealed test keys still in use months after disclosure, indicating systemic challenges with key lifecycle management.
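One way a defender can audit a Linux host for the AMI test Platform Key described above, as an added example that is not code from the Binarly research or the article: it walks the EFI_SIGNATURE_LIST structures stored in the PK variable and flags X.509 entries whose DER blob carries the test key's subject text. The efivarfs path, the marker list and the sample blob are assumptions made for the example.

```python
import struct
import uuid

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
PK_EFIVAR = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"
# Subject substrings of known test Platform Keys; only the AMI test PK is listed.
TEST_KEY_MARKERS = [b"DO NOT TRUST"]

def parse_signature_lists(data):
    """Return [(sig_type, owner, sig_data)] for every entry in a blob of
    concatenated EFI_SIGNATURE_LIST structures (X.509 entries carry DER)."""
    entries, off = [], 0
    while off < len(data):
        # struct.error is raised if fewer than 28 header bytes remain
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(data) or sig_size < 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        pos, end = off + 28 + hdr_size, off + list_size
        while pos + sig_size <= end:  # each entry: SignatureOwner GUID + data
            entries.append((sig_type, uuid.UUID(bytes_le=data[pos:pos + 16]),
                            data[pos + 16:pos + sig_size]))
            pos += sig_size
        off = end
    return entries

def find_test_keys(siglist_blob):
    """Return the markers found inside X.509 entries, e.g. ['DO NOT TRUST']."""
    hits = []
    for sig_type, _owner, cert_der in parse_signature_lists(siglist_blob):
        if sig_type == EFI_CERT_X509_GUID:
            hits += [m.decode() for m in TEST_KEY_MARKERS if m in cert_der]
    return hits

def audit_pk_variable(path=PK_EFIVAR):
    """Read the live PK from efivarfs (4-byte attribute prefix) and audit it."""
    with open(path, "rb") as f:
        return find_test_keys(f.read()[4:])

def build_signature_list(sig_type, owner, sig_data):
    """Build a one-entry EFI_SIGNATURE_LIST (used here to construct sample input)."""
    sig_size = 16 + len(sig_data)
    return (sig_type.bytes_le + struct.pack("<III", 28 + sig_size, 0, sig_size)
            + owner.bytes_le + sig_data)

# Constructed sample: NOT a real DER certificate, only a stand-in byte string
# carrying the subject text of the AMI test PK.
SAMPLE_PK = build_signature_list(EFI_CERT_X509_GUID, uuid.UUID(int=0),
                                 b"\x30\x82CN=DO NOT TRUST - AMI Test PK")
```

Run `audit_pk_variable()` as root on a UEFI Linux host; a non-empty result means the firmware shipped with the test key as its root of trust.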

Vulnerabilities have not been limited to key leakage; software issues, such as memory corruption bugs in signed UEFI modules (for example, CVE-2025-3052), have been discovered in modules signed by trusted authorities like Microsoft.

[Figure: Distribution of leaked Boot Guard keys over years]

These bugs allow attackers to execute arbitrary code and subvert Secure Boot on a global scale due to the ubiquity and implicit trust of Microsoft’s signing keys in both consumer and enterprise hardware.

The recurring pattern of key exposure, use of test artifacts in released products, and the delayed revocation or update of certificates signals a profound crisis in cryptographic hygiene within the UEFI firmware development lifecycle.

As incident data demonstrates, the complexity and interdependence of OEMs, IBVs, and silicon vendors make it difficult to contain or remediate these lapses once private keys or flawed binaries propagate into the supply chain.

Ultimately, persistent failures in firmware key management represent not just theoretical risks but concrete vulnerabilities that have been, and continue to be, actively exploited.

As UEFI Secure Boot acts as a critical line of defense against pre-OS malware and rootkits, its compromise undermines trust in the entire platform and highlights the urgent need for systemic reforms in key provisioning, tracking, and incident response across the hardware and firmware ecosystem.
