IGEL OS Boot Signature Verification Bypass

This repository provides a proof-of-concept (PoC) exploit for CVE-2025-47827, a Secure Boot bypass vulnerability in IGEL OS 10 (before v11). The vulnerability arises from improper cryptographic signature verification in the igel-flash-driver kernel module, allowing an attacker to boot a malicious root filesystem from an unverified SquashFS image. The exploit leverages the kexec syscall to replace the running kernel with an attacker-controlled one, either fetched over HTTP or from local disk, thus bypassing Secure Boot and enabling arbitrary code execution at the kernel level. The repository contains several key files: - `mkdiskimage`: A Bash script that automates the process of downloading the official IGEL UDC3 image, extracting and patching the system image, and assembling a bootable disk image with a custom root filesystem or kernel. - `root/sbin/init`: A shell script used as the init process, which parses kernel command-line arguments, fetches or mounts the specified kernel and initrd (supporting both HTTP and local sources), and uses kexec to boot into the attacker-supplied kernel. - `esp/boot/grub/igel.conf`: A GRUB configuration file that defines menu entries for both network and local kexec booting, specifying parameters for kernel, initrd, and command-line arguments. The exploit is primarily local (requires physical or privileged access to the device to modify the boot process), but it also supports network-based payload delivery (fetching kernel/initrd over HTTP). The PoC demonstrates how an attacker can persistently compromise a device by replacing its kernel, effectively rendering Secure Boot protections ineffective on affected IGEL OS systems. The README provides extensive documentation, impact analysis, and references to related resources.