Announcement

**Aryma** · 29 July 2020, 03:14 PM

malicious code to be inserted into the system at early boot time

how that even possible ?
if someone has access to to my PC to do that it doesn't matter for me what time he/she will do that

**bearoso** · 29 July 2020, 03:16 PM

All major Linux distributions and any other users of the GRUB2 boot-loader will need to be patched.

Not really. If you’ve got access to the bootloader you’ve got access to the whole system anyway. The only situation when this isn’t the case is—who’d have guessed?—virtual machines. It’s just cloud providers driving security theater once again.

**tildearrow** · 29 July 2020, 03:17 PM

Originally posted by Aryma View Post

how that even possible ?
if someone has access to to my PC to do that it doesn't matter for me what time he/she will do that

Inserting the payload in the EFI partition? Modifying grub.cfg?

**Maxim Levitsky** · 29 July 2020, 03:52 PM

No.. its about you trying to boot non microsoft approved Linux kernel on your machine that can't have secureboot disabled. This is trully a security disaster!

**CochainComplex** · 29 July 2020, 03:59 PM

coreboot !!!

**wswartzendruber** · 29 July 2020, 04:04 PM

This right here is why some of us are crying out for things to be made in Rust. Is it perfect? Hell no! It shows signs of being maintained by drug addicts. But it is an improvement over C for security, however.

**dragon321** · 29 July 2020, 04:07 PM

Well, looks like another reason to hate GRUB. Aside from that - weren't Secure Boot supposed to prevent such things?

**Teggs** · 29 July 2020, 04:22 PM

Oh wonderful. But does it require physical access? The article mentions administrator privileges and compares to EFI ransomware, which implies otherwise, but it isn't clear to me.

Originally posted by Eclypsium

all versions of GRUB2 that load commands from an external grub.cfg configuration file are vulnerable. As such, this will require the release of new installers and bootloaders for all versions of Linux. Vendors will need to release new versions of their bootloader shims to be signed by the Microsoft 3rd Party UEFI CA.

Is that correct? Does that mean no one can boot with UEFI without Microsoft's permission/involvement?

Originally posted by Eclypsium

In February 2020, more than six months after a fixed version had been released, Microsoft pushed an update to revoke the vulnerable bootloader across all Windows systems by updating the UEFI revocation list (dbx) to block the known-vulnerable Kaspersky bootloader. Unfortunately, this resulted in systems from multiple vendors encountering unexpected errors, including bricked devices, and the update was removed from the update servers.

That's fun. As in Dwarf Fortress definition of fun. I have never heard anything positive about UEFI. If UEFI had a Metacritic score, it would be about 5, I guess.

Maybe we could get rid of all these problems by using a boot process which doesn't suck.

**cl333r** · 29 July 2020, 04:28 PM

Originally posted by wswartzendruber View Post

This right here is why some of us are crying out for things to be made in Rust. Is it perfect? Hell no! It shows signs of being maintained by drug addicts. But it is an improvement over C for security, however.

lol, but why?

Announcement

BootHole Blows Hole In GRUB2 Bootloader Security, Including UEFI SecureBoot

BootHole Blows Hole In GRUB2 Bootloader Security, Including UEFI SecureBoot

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment