Protectli has identified that our devices using AMI firmware are affected by the PKFail vulnerability. Protectli’s Open Source firmware alternative, coreboot, is not affected by PKFail.  

This vulnerability only affects users who have explicitly turned on Secure Boot with a device running AMI firmware and an Operating System that supports Secure Boot. Exploiting this vulnerability requires either root privileges or physical access to the hardware.

For those who have enabled Secure Boot, we recommend switching to coreboot. Protectli publishes a tool called Flashli for installing coreboot on Vaults – learn more on the Knowledge Base article on how to use Flashli.

Updated AMI BIOS images with properly secured Platform Keys have been released for affected devices – the only exception is the VP2410 which we are actively working on as your security is our priority. They are currently available on Flashli.

We have released AMI images (PKfail fix) for the following units:

• FW2B, FW4B, FW4C, FW6 series (w/ i210 and i211)
• V1000 series
• VP2420 (coming soon for VP2410)
• VP4600 series
• VP6600 series
  
  

As always, Protectli support can be reached should you have any questions — contact us directly or check out our resources.