
According to the video, the rootkit discussed does not work on Linux; it involves a dropper that writes a Windows service .exe to the NTFS volume. They have not seen a version that runs on Linux or macOS.

"Secure Boot" mode also doesn't protect against the rootkit, because it considers the contents of the UEFI BIOS in the SPI flash the root of trust, and does not do any verification at that stage. It only verifies the bootloader, which loads the OS.

It abuses platforms that do not implement the BIOS Write Lock mechanism correctly (the BIOS is supposed to be write-protected after UEFI Boot Services hands stuff over to the operating system).

Incidentally (according to the video), BitLocker disk encryption can defeat it, though the legitimate LoJack system has a way of working with BitLocker. I think the implication is that a more advanced version of the rootkit may, in the future, work with BitLocker.
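As an added example (not from the commenter or the video), here is a Python check of the BIOS write-lock configuration the comment refers to. It assumes the Intel PCH BIOS_CNTL and SPI Protected Range (PRx) register bit layouts, and every register value used with it is a constructed sample, not a reading from a real machine.

```python
# Added example: classify whether a platform's flash is write-protected once
# the OS is running, i.e. whether the BIOS write lock the comment describes
# is in place. Bit positions assume the Intel PCH BIOS_CNTL and SPI PRx
# register layouts; register values passed in are constructed samples.

BIOSWE = 1 << 0    # BIOS Write Enable: software may write the flash
BLE = 1 << 1       # BIOS Lock Enable: setting BIOSWE traps into SMM
SMM_BWP = 1 << 4   # SMM BIOS Write Protect: writes allowed only from SMM


def protected_range(pr):
    """Decode one PRx register into (base, limit) if write protection is on."""
    if not pr & (1 << 31):           # WPE bit clear: the range is inactive
        return None
    base = (pr & 0x1FFF) << 12        # PRB, bits 12:0, 4 KiB granularity
    limit = (((pr >> 16) & 0x1FFF) << 12) | 0xFFF   # PRL, bits 28:16, inclusive
    return base, limit


def bios_region_covered(bios_start, bios_end, prs):
    """True if write-protected PRx ranges cover the whole BIOS region."""
    ranges = sorted(r for r in map(protected_range, prs) if r)
    cursor = bios_start
    for base, limit in ranges:
        if base > cursor:             # gap before this range: region not covered
            break
        cursor = max(cursor, limit + 1)
    return cursor > bios_end


def bios_write_lock_status(bios_cntl, prs, bios_start, bios_end):
    """Return 'locked', 'weak' or 'unlocked' for the given lock configuration."""
    if bios_region_covered(bios_start, bios_end, prs):
        return "locked"      # PRx ranges alone stop OS-level flash writes
    if bios_cntl & BLE and bios_cntl & SMM_BWP:
        return "locked"      # writes only from SMM and the lock cannot be flipped
    if bios_cntl & BLE:
        return "weak"        # BLE without SMM_BWP is not considered a sufficient lock
    return "unlocked"        # nothing stops a dropper from rewriting the flash
```

The "weak" class is the one a firmware audit should flag alongside "unlocked": the lock bit is present but the SMM-only write restriction that makes it robust is not.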
