Show Your Support: Have you heard of Phoronix Premium? It's what complements advertisements on this site for our premium ad-free service. For less than $4 USD per month, you can help support our site while the funds generated allow us to keep doing Linux hardware reviews, performance benchmarking, maintain our community forums, and much more.
Fedora's GRUB2 EFI Build To Offer Greater Security Options
GRUB2 security modules for verification, Cryptodisk, and LUKS will now be part of the default GRUB2 EFI build. They are being built-in now since those using the likes of UEFI SecureBoot aren't able to dynamically load these modules due to restrictions in place under SecureBoot. So until now using SecureBoot hasn't allowed users to enjoy encryption of the boot partition and the "verify" module with ensuring better integrity of the early boot-loader code.
At last Friday's FESCo meeting, the ticket was approved for including these modules in the default GRUB2 EFI build starting with Fedora 31 due out in October.
For future releases they may also look at automated signature verification as part of grub2-mkconfig as well as allowing cryptodisk to be configured from the Anaconda installer.