Key Management Errors Put the UEFI Ecosystem at Risk
At the end of February 2025, Binarly received a report about a suspicious incident within the UEFI ecosystem. A public repository called SupplyChainAttacks indicated a leak of private Boot Guard keys in Clevo device firmware. The source of the leak was a Win-Raid forum post, where a user discovered private keys publicly available in a BIOS update package.
The investigation confirmed these concerns: BootGuardKey.exe contained two private keys, also duplicated in separate PEM files. The extracted key modules matched those used in Boot Guard Key Manifest and Boot Policy Manifest in Clevo firmware. This means that an attacker could use these keys to sign malicious firmware, which would then pass authentication at the platform level, completely bypassing Intel Boot Guard protections.
Binarly identified 15 firmware versions containing exposed keys, affecting 10 unique devices, all using Insyde BIOS and manufactured on Clevo ODM platforms. Notably, this includes multiple Gigabyte laptop models, including the Gigabyte G5, G6, and G7, as well as the 2025 Gigabyte G6X 9KG.
The leaked keys affect both outdated and currently active firmware versions, meaning that compromised keys are still in use on existing devices. This makes the potential security risk particularly severe.
Additionally, the two affected system BIOS versions (Notebook System Firmware) do not correspond to specific branded devices, suggesting that other OEM manufacturers may also be impacted.
Binarly emphasized that this issue is exclusive to Clevo-based platforms. Their extensive firmware database of over 200,000 firmware packages from various manufacturers did not reveal similar leaks among other vendors. This indicates that the incident stems from Clevo’s specific key management errors rather than a broader industry-wide failure.
Binarly reported the vulnerability under BRLY-2025-002 to the CERT/CC coordination center on February 28. However, the case was closed within days without detailed explanations.
More details, along with an analysis of recurring key management failures, will be presented by Binarly at the upcoming RSA Conference.
At the end of February 2025, Binarly received a report about a suspicious incident within the UEFI ecosystem. A public repository called SupplyChainAttacks indicated a leak of private Boot Guard keys in Clevo device firmware. The source of the leak was a Win-Raid forum post, where a user discovered private keys publicly available in a BIOS update package.
Confirmed Key Exposure
The investigation confirmed these concerns: BootGuardKey.exe contained two private keys, also duplicated in separate PEM files. The extracted key modules matched those used in Boot Guard Key Manifest and Boot Policy Manifest in Clevo firmware. This means that an attacker could use these keys to sign malicious firmware, which would then pass authentication at the platform level, completely bypassing Intel Boot Guard protections.
Binarly identified 15 firmware versions containing exposed keys, affecting 10 unique devices, all using Insyde BIOS and manufactured on Clevo ODM platforms. Notably, this includes multiple Gigabyte laptop models, including the Gigabyte G5, G6, and G7, as well as the 2025 Gigabyte G6X 9KG.
| Device Name | ODM | IBV | Firmware Version | Release Date | Latest Version Affected |
|---|---|---|---|---|---|
| XPG Xenia 15G G2303_V1.0.8 | Clevo | Insyde | 6.2.8320.0 | 2023-06-14 |  |
| Gigabyte G5 KE | Clevo | Insyde | FB05 | 2023-03-07 | |
| Gigabyte G5 KF 2024 | Clevo | Insyde | FD06 | 2024-01-10 | |
| Gigabyte G5 KF5 2024 | Clevo | Insyde | FD07 | 2024-10-17 |  |
| Gigabyte G5 KF5 2024 | Clevo | Insyde | FD10 | 2024-12-09 | |
| Gigabyte G5 ME | Clevo | Insyde | FB04 | 2023-06-05 | |
| Gigabyte G5 ME | Clevo | Insyde | FB04 | 2023-06-05 | |
| Gigabyte G5 MF | Clevo | Insyde | FB03 | 2023-04-14 | |
| Gigabyte G6 KF | Clevo | Insyde | FB06 | 2023-10-23 | |
| Gigabyte G6X 9KG 2024 | Clevo | Insyde | FD07 | 2024-01-19 | |
| Gigabyte G6X 9KG 2024 | Clevo | Insyde | FB10 | 2025-02-04 | |
| Gigabyte G7 KF | Clevo | Insyde | FB10 | 2024-02-16 | |
| Gigabyte G7 KF | Clevo | Insyde | FB09 | 2023-10-18 | |
| Notebook System Firmware 1.07.07TRO1 | Clevo | Insyde | 6.2.8319.7 | 2023-09-05 | |
| Notebook System Firmware 1.07.09TRO1 | Clevo | Insyde | 6.2.8319.9 | 2023-11-28 | |
Scope of the Threat
The leaked keys affect both outdated and currently active firmware versions, meaning that compromised keys are still in use on existing devices. This makes the potential security risk particularly severe.
Additionally, the two affected system BIOS versions (Notebook System Firmware) do not correspond to specific branded devices, suggesting that other OEM manufacturers may also be impacted.
Unique to Clevo-Based Devices
Binarly emphasized that this issue is exclusive to Clevo-based platforms. Their extensive firmware database of over 200,000 firmware packages from various manufacturers did not reveal similar leaks among other vendors. This indicates that the incident stems from Clevo’s specific key management errors rather than a broader industry-wide failure.
Disclosure and Industry Response
Binarly reported the vulnerability under BRLY-2025-002 to the CERT/CC coordination center on February 28. However, the case was closed within days without detailed explanations.
More details, along with an analysis of recurring key management failures, will be presented by Binarly at the upcoming RSA Conference.