Last weekend it was announced that the signing key that motherboard vendors use to digitally sign BIOS updates to their UEFI implementations has been stolen, along with other juicy bits of the source code that make up UEFI. This means that it’s now very easy for hackers to sign malicious code and pass it off as a new update, so be careful for the next month or two while we see how this plays out. Don’t accept BIOS updates from any source other than your motherboard vendor. On the flip side, if the signing key can’t be replaced, this means that people with less evil intentions may help the community to get rid of that ridiculous Secure Boot software.