> rather than getting bogged down in the complexities of UEFI firmware,
> and having to defeat various memory detections built into the SPI-connected flash chip that stores it,
> BlackLotus developers deploy standard binary files to the EFI system partition.
> The ESP, as it's abbreviated, is a traditional disk partition that's much easier to access.
> Unlike the flash chip, the ESP *doesn't have protections* such as BIOS Write Enable, BIOS Lock Enable, and SPI Protected Ranges, which make it difficult to write or modify stored data.

> Running as a bootloader gives them almost the same capabilities as firmware implants,
> but without having to overcome the multilevel SPI flash defenses, such as the BWE, BLE, and PRx protection bits,
> or the protections provided by hardware (like Intel Boot Guard).
> Sure, UEFI Secure Boot stands in the way of UEFI bootkits,
> but there are a non-negligible number of known vulnerabilities that allow bypassing this essential security mechanism.
> And the worst of this is that some of them are still easily exploitable on up-to-date systems
> even at the time of this writing—including the one exploited by BlackLotus.
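The quoted passage makes two points a defender can turn into checks: the ESP has none of the SPI flash write protections, so its contents are only as trustworthy as the last integrity baseline, and Secure Boot is the remaining control, so its actual state should be verified rather than assumed. The script below is an added example, not code from the quoted article or from the BlackLotus research it summarises. It parses the Linux efivarfs record format (a 4-byte little-endian attribute mask followed by the variable data) for the `SecureBoot` and `SetupMode` variables, and diffs an ESP file tree against a known-good snapshot by SHA-256. The efivarfs path and the EFI global variable GUID are real; the file names under `EFI/` are standard UEFI locations, but every byte of sample content is constructed for the example.

```python
"""Defender-side checks for the two things the passage hinges on: is UEFI Secure
Boot actually enforcing, and have the contents of the unprotected ESP drifted
from a known-good baseline.  Added example; sample data is constructed."""
import hashlib
import os
import struct

# efivarfs (/sys/firmware/efi/efivars on Linux) stores each variable as a
# 4-byte little-endian attribute mask followed by the raw variable data.
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFI_VARIABLE_BOOTSERVICE_ACCESS = 0x2
EFI_VARIABLE_RUNTIME_ACCESS = 0x4


def parse_efivar(raw: bytes):
    """Split an efivarfs file image into (attribute mask, variable data)."""
    if len(raw) < 4:
        raise ValueError("efivarfs record shorter than its 4-byte attribute header")
    (attrs,) = struct.unpack_from("<I", raw, 0)
    return attrs, raw[4:]


def secure_boot_state(secureboot_raw: bytes, setupmode_raw: bytes) -> str:
    """'enforcing' only when SecureBoot == 1 and SetupMode == 0.
    SetupMode == 1 means no platform key is enrolled, so signature checks are off."""
    _, sb = parse_efivar(secureboot_raw)
    _, sm = parse_efivar(setupmode_raw)
    if sm[:1] == b"\x01":
        return "setup"
    return "enforcing" if sb[:1] == b"\x01" else "disabled"


def read_efivar(name: str, guid: str = EFI_GLOBAL_VARIABLE_GUID) -> bytes:
    """Read a live variable from efivarfs (Linux only; raises OSError elsewhere)."""
    with open(f"/sys/firmware/efi/efivars/{name}-{guid}", "rb") as f:
        return f.read()


def hash_tree(files: dict) -> dict:
    """Map path -> SHA-256 hex for an in-memory snapshot of ESP files."""
    return {p: hashlib.sha256(b).hexdigest() for p, b in files.items()}


def esp_drift(baseline: dict, current: dict) -> dict:
    """Diff two ESP snapshots (path -> file bytes) by content hash."""
    b, c = hash_tree(baseline), hash_tree(current)
    return {
        "added": sorted(set(c) - set(b)),
        "removed": sorted(set(b) - set(c)),
        "modified": sorted(p for p in set(b) & set(c) if b[p] != c[p]),
    }


def snapshot_esp(mount_point: str) -> dict:
    """Walk a mounted ESP and load every file; ESPs are small enough for this."""
    snap = {}
    for root, _, names in os.walk(mount_point):
        for n in names:
            full = os.path.join(root, n)
            with open(full, "rb") as f:
                snap[os.path.relpath(full, mount_point)] = f.read()
    return snap


# Constructed sample efivarfs records (attribute mask BS|RT = 0x6, then one data byte).
SB_ON = struct.pack("<I", 0x6) + b"\x01"
SB_OFF = struct.pack("<I", 0x6) + b"\x00"
SETUP_ON = struct.pack("<I", 0x6) + b"\x01"
SETUP_OFF = struct.pack("<I", 0x6) + b"\x00"

# Constructed ESP snapshots: standard UEFI paths, placeholder file contents.
BASELINE_ESP = {
    "EFI/Microsoft/Boot/bootmgfw.efi": b"MZ...baseline boot manager (constructed)",
    "EFI/Boot/bootx64.efi": b"MZ...baseline fallback loader (constructed)",
}
# The same tree after something wrote to the ESP: one file replaced, one file added.
CURRENT_ESP = {
    "EFI/Microsoft/Boot/bootmgfw.efi": b"MZ...replaced boot manager (constructed)",
    "EFI/Boot/bootx64.efi": b"MZ...baseline fallback loader (constructed)",
    "EFI/Boot/extra.efi": b"MZ...file not present in baseline (constructed)",
}

if __name__ == "__main__":
    print("sample Secure Boot state:", secure_boot_state(SB_ON, SETUP_OFF))
    print("sample ESP drift:", esp_drift(BASELINE_ESP, CURRENT_ESP))
    try:
        live = secure_boot_state(read_efivar("SecureBoot"), read_efivar("SetupMode"))
        print("live Secure Boot state:", live)
    except OSError:
        print("no efivarfs on this host; live check skipped")
```

On a real host you would build `BASELINE_ESP` with `snapshot_esp("/boot/efi")` (or wherever the ESP is mounted) at a known-good point and re-run `esp_drift` on a schedule; any `added` or `modified` entry on a partition that, as the passage notes, has no BWE/BLE/PRx equivalent is worth an alert. The Secure Boot check is a necessary but not sufficient condition: the passage's point is that a reading of `enforcing` still leaves the known bypasses, so the ESP integrity diff is the check that catches a dropped bootloader regardless.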