Announcement

Collapse
No announcement yet.

BootHole Blows Hole In GRUB2 Bootloader Security, Including UEFI SecureBoot

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • BootHole Blows Hole In GRUB2 Bootloader Security, Including UEFI SecureBoot

    Phoronix: BootHole Blows Hole In GRUB2 Bootloader Security, Including UEFI SecureBoot

    A major vulnerability in the GRUB2 boot-loader has been made public today that compromises its UEFI SecureBoot capabilities...

    Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite

  • #2
    malicious code to be inserted into the system at early boot time
    how that even possible ?
    if someone has access to to my PC to do that it doesn't matter for me what time he/she will do that

    Comment


    • #3
      All major Linux distributions and any other users of the GRUB2 boot-loader will need to be patched.
      Not really. If you’ve got access to the bootloader you’ve got access to the whole system anyway. The only situation when this isn’t the case is—who’d have guessed?—virtual machines. It’s just cloud providers driving security theater once again.

      Comment


      • #4
        Originally posted by Aryma View Post

        how that even possible ?
        if someone has access to to my PC to do that it doesn't matter for me what time he/she will do that
        Inserting the payload in the EFI partition? Modifying grub.cfg?

        Comment


        • #5
          No.. its about you trying to boot non microsoft approved Linux kernel on your machine that can't have secureboot disabled. This is trully a security disaster!

          Comment


          • #6
            coreboot !!!

            Comment


            • #7
              This right here is why some of us are crying out for things to be made in Rust. Is it perfect? Hell no! It shows signs of being maintained by drug addicts. But it is an improvement over C for security, however.

              Comment


              • #8
                Well, looks like another reason to hate GRUB. Aside from that - weren't Secure Boot supposed to prevent such things?

                Comment


                • #9
                  Oh wonderful. But does it require physical access? The article mentions administrator privileges and compares to EFI ransomware, which implies otherwise, but it isn't clear to me.

                  Originally posted by Eclypsium
                  all versions of GRUB2 that load commands from an external grub.cfg configuration file are vulnerable. As such, this will require the release of new installers and bootloaders for all versions of Linux. Vendors will need to release new versions of their bootloader shims to be signed by the Microsoft 3rd Party UEFI CA.
                  Is that correct? Does that mean no one can boot with UEFI without Microsoft's permission/involvement?

                  Originally posted by Eclypsium
                  In February 2020, more than six months after a fixed version had been released, Microsoft pushed an update to revoke the vulnerable bootloader across all Windows systems by updating the UEFI revocation list (dbx) to block the known-vulnerable Kaspersky bootloader. Unfortunately, this resulted in systems from multiple vendors encountering unexpected errors, including bricked devices, and the update was removed from the update servers.
                  That's fun. As in Dwarf Fortress definition of fun. I have never heard anything positive about UEFI. If UEFI had a Metacritic score, it would be about 5, I guess.

                  Maybe we could get rid of all these problems by using a boot process which doesn't suck.

                  Comment


                  • #10
                    Originally posted by wswartzendruber View Post
                    This right here is why some of us are crying out for things to be made in Rust. Is it perfect? Hell no! It shows signs of being maintained by drug addicts. But it is an improvement over C for security, however.
                    lol, but why?

                    Comment

                    Working...
                    X