Bootkitty: Analyzing the first UEFI bootkit for Linux

The UEFI threat landscape has evolved significantly over the years, particularly with the emergence of UEFI bootkits. From the first PoC by Andrea Allievi in 2012 targeting Windows systems, several other PoCs followed before the first real UEFI bootkits were found in the wild in 2021. The discovery of Bootkitty, the first UEFI bootkit for Linux systems, challenges the notion that UEFI bootkits are exclusive to Windows. While Bootkitty is a proof of concept and has not been deployed in the wild, it highlights the need for Linux systems to be prepared for potential future threats. This blog post delves into the technical analysis of Bootkitty, along with a related kernel module called BCDropper.
