Bypass Record

Pre-OS Boot × Google ChromeOS

A publicly reported instance of Pre-OS Boot bypassing Google ChromeOS, recorded with its original source. Factual record; no assessment of any specific deployment.

Product: Google ChromeOS
Technique: Pre-OS Boot
MITRE ATT&CK: T1542
Confidence: High
Severity: High
Status: poc
Disclosed: 2024-10-11
Config / version noted: Not stated

Provenance

Reported as

bypasses Google Security Chip verification by bridging flash chip pins to disable RO verification, allowing device unenrollment

Mechanism

The exploit bridges pins 3 and 8 of the flash chip to prevent the Google Security Chip from verifying device hashes during power loss, temporarily bypassing validation checks. This allows disabling read-only (RO) verification via flashrom commands, setting GBB flags, and ultimately unenrolling the device using Sh1mmer and manual TPM/cryptohome commands.

Detection & mitigation

Monitor for physical tampering indicators such as unexpected chassis intrusion events or changes in boot integrity measurements (e.g., TPM PCR values) that deviate from known-good baselines. Mitigate by enforcing full disk encryption, secure boot, and physical security controls to prevent unauthorized hardware access.

This is a record of a publicly reported event, not an assessment of any specific organization's deployment. Detection and mitigation notes are drawn from the cited source. Where the source is silent, fields are omitted.