Bill Demirkapi

Booting with Caution: Dissecting Secure Boot's Third-Party Attack Surface

Abstract

Secure Boot is integral to shielding a computer's boot environment from unauthorized code. By only allowing the execution of modules signed by Microsoft or the UEFI Certificate Authority (CA), it raises a barrier against attackers, primarily restricting them to vulnerabilities in legitimate, signed code. While the bar for exploitation is high, typically requiring administrator or some physical access, the potential impact on disk encryption and malicious persistence is significant.

But just how robust is Secure Boot? This talk focuses on the notable risk posed to customers by the attack surface of third-party UEFI code. Diving into real-world vulnerabilities, we'll highlight process gaps found in the vulnerability response of both first and third parties. We'll discuss how Secure Boot, despite its strengths, has systemic design limitations that pose unique challenges for defenders. We'll review what you can do to protect your organization, and what we need to focus on as an industry if we wish to maintain Secure Boot as a defensible boundary.

BIO

Bill Demirkapi is a security researcher with an intense passion for Windows internals. His interests include reverse engineering and vulnerability research, ranging from low-level memory corruption to systemic flaws with catastrophic consequences. He started his journey in high school and has since published his work at internationally recognized conferences such as DEF CON and Black Hat USA. In his pursuit to make the world a better place, Bill constantly looks for the next significant vulnerability, following the motto "break anything and everything".