When dropping to a shell in Clover on my Gigabyte Z170MX BIOS, I am seeing that my motherboard has untrusted credentials. I have also been dealing with a rootkit that stores itself in the GPU's boot ROM, and injects itself into motherboards, hard drives, and pretty much everything plugged into the GPU. I am trying to find a way that this thing hides itself and takes control of my firmware to make system calls to an outside server. So, I purchased a new motherboard of the same kind (detaching the GPU), and after searching through the EFI global variables in the Clover shell, I could not identify anything that indicated my BIOS was compromised or untrusted anymore. I am wondering if what I am seeing in the UEFI shell is related to the rootkit dropping infected payloads on me, and if there is any good way to trace it. Furthermore, I am wondering if I should be concerned about the "Do not trust" indicator notated in the hex editor in the Clover shell. Please see pics below to understand what I am talking about. Any help, assistance, or direction would be highly appreciated. Any motherboard/UEFI shell experts out there?


See the Imgur link below for pics.


Z170mx untrusted in clover shell efi variables? Why? - Album on Imgur