According to the video, the root kit discussed does not work on Linux, it involves a dropper that writes a Windows service .exe to the NTFS volume. They have not seen a version that runs on Linux Or MacOS.
"Secure Boot" mode also doesn't protect against the rootkit, because it considers the contents of the UEFI Bios in the SPI Flash the root of trust, and does not do any verification at that stage. It only verifies the bootloader, which loads the OS.
It abuses platforms that do not implement the BIOS Write Lock mechanism incorrectly. (the BIOS is supposed to be write protected after UEFI Boot services hands stuff over to the Operating system)
Incidentally, (according to the video) BitLocker disk encryption can defeat it, though the legitimate LoJack system has a way of working with BitLocker. I think the implication is that a more advanced version of the rootkit may, in the future, work with BitLocker.
This comment was flag killed but I've vouched for it because I think it is a legitimate question posed by someone without domain expertise.
To someone who perhaps does not fully understand the implications of a uefi rootkit, the article might seem to imply that it wouldn't work on anything but windows.
>> It abuses platforms that do not implement the BIOS Write Lock mechanism incorrectly
I agree that post-boot the BIOS should be read-only.
> The UEFI payload would work on Linux systems, yes. But the delivery system described would not.
There was a case of rm -rf / erasing UEFI variables on linux system, rendering the system unbootable. Mapping the BIOS into the file-system doesn't strike me as too clever, but then again what do I know.
