ASRock UEFI update: Patch UEFI LogoFail vulnerabilities

First time I heard of “LogoFail”; then Google A.I. feeds me this from Kaspersky:

“The LogoFAIL exploit bypasses hardware and software security, and can affect nearly all Windows and Linux machines with UEFI. The LogoFAIL attack exploits the image parsers used in UEFI system firmware to load logo images on startup screens, earning the name “LogoFAIL”. The malicious code survives even if the OS is reinstalled, which is usually desired by APT attack operators.”

Makes me glad now that Plymouth blacked out my logon screen, because research here on Manjaro led me to remove Plymouth and just go with a non-animated screen.

Are the two in any way related?


If your UEFI/BIOS is unpatched and has the ability to serve logo images at boot in the way the exploit takes advantage of … it does not matter whether you use some secondary boot splash or not. Having plymouth or anything similar installed or enabled (or not) has absolutely zero impact on LogoFAIL.

From some article in December

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack | Ars Technica

Check if you have an update for the BIOS; some vendors have already released one. For example, Insyde, at least on Lenovo, released an update at the end of January.

If you are really paranoid that you can catch some virus on your Manjaro, execute it as root, and it can write itself into your logo, you can disable access to EFI from the OS altogether, even with root. Just add -noefi to the kernel parameters.

This will of course mean that everything that works with EFI will fail, like efibootmgr or install-grub.
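The suggestion above, made concrete as an added example (this is not code from the post): a small POSIX shell script that prints the firmware identity so it can be compared against the vendor's LogoFAIL advisory, checks whether EFI variables are reachable from the OS and whether the kernel was booted with the parameter, and can add it to GRUB_CMDLINE_LINUX_DEFAULT idempotently. The kernel's own name for the parameter is `noefi`; it disables EFI runtime services, which is exactly why efibootmgr and grub-install stop working afterwards. Assumptions: the standard Linux sysfs DMI paths and efivarfs mount point, and /etc/default/grub as the GRUB config (run update-grub after changing it).

```shell
#!/bin/sh
# Audit, and optionally harden, a Linux host's access to UEFI variables.
# Added example for this thread, not from the original post.
# Assumes standard sysfs paths and /etc/default/grub (Manjaro default).

# Print firmware identity from sysfs so it can be checked against the
# vendor's LogoFAIL advisory. Silent for fields that are not readable.
report_firmware() {
    for f in bios_vendor bios_version bios_date board_name; do
        if [ -r "/sys/class/dmi/id/$f" ]; then
            printf '%-13s %s\n' "$f:" "$(cat "/sys/class/dmi/id/$f")"
        fi
    done
}

# Return 0 if the kernel command line given as $1 contains the bare
# "noefi" parameter (EFI runtime services disabled: nothing in the OS,
# root included, can read or write EFI variables).
has_noefi() {
    case " $1 " in
        *" noefi "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Return 0 if EFI variables are reachable from the OS (efivarfs mounted).
efivars_reachable() {
    [ -d /sys/firmware/efi/efivars ] && grep -q ' efivarfs ' /proc/mounts
}

# Idempotently add "noefi" to GRUB_CMDLINE_LINUX_DEFAULT in file $1 and
# print the resulting line. Returns 1 if the file has no such line.
add_noefi_to_grub_default() {
    file=$1
    line=$(grep '^GRUB_CMDLINE_LINUX_DEFAULT=' "$file") || return 1
    current=${line#GRUB_CMDLINE_LINUX_DEFAULT=}
    current=${current#\"}
    current=${current%\"}
    if has_noefi "$current"; then
        printf 'already set: %s\n' "$line"
        return 0
    fi
    new="GRUB_CMDLINE_LINUX_DEFAULT=\"${current:+$current }noefi\""
    # Escape '/', '&' and '\' so the new line is safe as a sed replacement.
    esc=$(printf '%s' "$new" | sed 's/[\/&]/\\&/g')
    sed -i "s/^GRUB_CMDLINE_LINUX_DEFAULT=.*/$esc/" "$file"
    printf '%s\n' "$new"
}

# Default run: report only. "--apply [FILE]" edits the GRUB config.
if [ "${1:-}" = "--apply" ]; then
    add_noefi_to_grub_default "${2:-/etc/default/grub}"
else
    report_firmware
    if has_noefi "$(cat /proc/cmdline 2>/dev/null)"; then
        echo "noefi: present (EFI runtime services disabled)"
    else
        echo "noefi: absent"
    fi
    if efivars_reachable; then
        echo "efivars: reachable from the OS (root can write EFI variables)"
    else
        echo "efivars: not reachable from the OS"
    fi
fi
```

Note the trade-off this makes explicit: `noefi` only removes the OS-side path to EFI variables (the one a root-level implant would use to plant a logo); it does nothing against someone with physical access, and the firmware image parser itself is only fixed by the vendor's update, which is why checking for the BIOS update comes first.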

Be an educated computer user as this is the ultimate method of avoiding all kinds of malware.

Stay informed - do some deep background research - before installing and using questionable applications designed for shadowy tasks.

Stay away from warez, porn, cracked games, and questionable websites - that includes popular websites like those under the Meta umbrella e.g. Facebook has been used to propagate malware onto vulnerable devices.

Stay away from random snaps - sometimes disguised to steal - anything worth stealing.
Same thing can be said about flatpaks or financial options trading platform apps.

And remember - most of those vulnerabilities reported around the web cannot be effectively exploited without the interaction of the user or by physically accessing the device.


And verify the sources where your information comes from!
In this part of your sentence there are 2 potential malicious “viruses”.
Got them?
I bet:
a) Google A.I.
b) Kaspersky

verify the sources you trust


Generally try to avoid anything that is not in the repos and not open source. For the AUR packages, look at the build script, what it does and where it pulls files from.
For flatpaks, open the Flathub site and look at the permissions. For example, there are 2 or 3 TOTP apps. I chose the one that had no permission to access the internet at all so that I am sure my codes are not sent anywhere. AppImages can be decompressed with --extract-image and looked at the contents, and uploaded to VirusTotal. And snaps… just forget them.
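The "look at the permissions" step from the post above, as an added example (not the poster's code): a POSIX shell audit of a flatpak metadata file, which is what `flatpak info --show-permissions <app-id>` prints for an installed app and what the permission list on a Flathub page is derived from. It flags the permissions that defeat the point of choosing a TOTP app with no network access: `shared=network`, home or host filesystem access, `devices=all`, a raw session or system bus socket, and `org.freedesktop.Flatpak=talk` (which lets the app run commands on the host through flatpak-spawn, so the sandbox is effectively gone). The sample metadata is constructed here; the app id and runtime in it are made up.

```shell
#!/bin/sh
# Flag flatpak permissions that matter for an app that should not reach
# outside its sandbox. Added example for this thread, not from the post.
# Input: a flatpak metadata file (INI-style: [Context], [Session Bus
# Policy], [System Bus Policy]), e.g. the output of
#   flatpak info --show-permissions <app-id>

# Print the value of key $2 in section $1 of file $3 (empty if absent).
ini_get() {
    awk -v sec="[$1]" -v key="$2" '
        $0 == sec { in_sec = 1; next }
        /^\[/     { in_sec = 0 }
        in_sec && index($0, key "=") == 1 { print substr($0, length(key) + 2); exit }
    ' "$3"
}

# Audit file $1: one "RISK: ..." line per finding; the exit status is the
# number of findings (0 means nothing was flagged).
audit_flatpak_metadata() {
    file=$1
    n=0
    # Values are ';'-separated lists; the leading ';' makes matching exact.
    case ";$(ini_get Context shared "$file")" in
        *";network"*) echo "RISK: network access (shared=network)"; n=$((n+1)) ;;
    esac
    for item in $(printf '%s' "$(ini_get Context filesystems "$file")" | tr ';' ' '); do
        case $item in
            host|host:*|home|home:*)
                echo "RISK: broad filesystem access (filesystems=$item)"; n=$((n+1)) ;;
        esac
    done
    case ";$(ini_get Context devices "$file")" in
        *";all"*) echo "RISK: all device nodes (devices=all)"; n=$((n+1)) ;;
    esac
    sockets=";$(ini_get Context sockets "$file")"
    case $sockets in
        *";session-bus"*) echo "RISK: unfiltered session bus (sockets=session-bus)"; n=$((n+1)) ;;
    esac
    case $sockets in
        *";system-bus"*) echo "RISK: unfiltered system bus (sockets=system-bus)"; n=$((n+1)) ;;
    esac
    # talk access to the flatpak service allows host command execution.
    if [ "$(ini_get 'Session Bus Policy' org.freedesktop.Flatpak "$file")" = talk ]; then
        echo "RISK: org.freedesktop.Flatpak=talk (can run commands on the host)"; n=$((n+1))
    fi
    return $n
}

# Constructed sample (not a real app): a TOTP app that was granted network,
# home-directory and host-spawn access it has no need for.
write_sample() {
    cat > "$1" <<'EOF'
[Application]
name=org.example.Totp
runtime=org.gnome.Platform/x86_64/45

[Context]
shared=network;ipc;
sockets=x11;wayland;
devices=dri;
filesystems=home;xdg-run/keyring;

[Session Bus Policy]
org.freedesktop.Flatpak=talk
EOF
}

# With an argument: audit that metadata file. Without: audit the sample.
if [ -n "${1:-}" ]; then
    audit_flatpak_metadata "$1"
else
    tmp=$(mktemp)
    write_sample "$tmp"
    audit_flatpak_metadata "$tmp"
    echo "findings: $?"
    rm -f "$tmp"
fi
```

The audit is deliberately strict: an app that legitimately needs one of these (a browser needs the network) will be flagged too; the point is that a TOTP generator or password tool should produce no findings at all. For AppImages the equivalent first look is the runtime's `--appimage-extract` switch, which unpacks the image into `squashfs-root/` so the binaries inside can be listed, hashed and checked before anything is run.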