Articles & Reviews
News Archive
Forums
Premium
Contact
Categories

Computers Display Drivers Graphics Cards Linux Gaming Memory Motherboards Processors Software Storage Operating Systems Peripherals

Fedora's GRUB2 EFI Build To Offer Greater Security Options

Written by Michael Larabel in Fedora on 24 June 2019 at 02:35 AM EDT. 3 Comments

FEDORA

In addition to disabling root password-based SSH log-ins by default, another change being made to Fedora 31 in the name of greater security is adding some additional GRUB2 boot-loader modules to be built-in for their EFI boot-loader.

GRUB2 security modules for verification, Cryptodisk, and LUKS will now be part of the default GRUB2 EFI build. They are being built-in now since those using the likes of UEFI SecureBoot aren't able to dynamically load these modules due to restrictions in place under SecureBoot. So until now using SecureBoot hasn't allowed users to enjoy encryption of the boot partition and the "verify" module with ensuring better integrity of the early boot-loader code.

At last Friday's FESCo meeting, the ticket was approved for including these modules in the default GRUB2 EFI build starting with Fedora 31 due out in October.

For future releases they may also look at automated signature verification as part of grub2-mkconfig as well as allowing cryptodisk to be configured from the Anaconda installer.

3 Comments

Related News

Fedora KDE Desktop Spin Promoted To Same Tier As GNOME-Based Fedora Workstation

Fedora Stakeholders Debate Idea Of "-O3" Optimized Packages

Fedora 41 Releases Today With Many Shiny New Features

Suggestion Raised For Using PGO + LLVM BOLT To Optimize More Fedora Packages

Fedora 41 Has Working Intel IPU6 Web Camera Support With Modern Laptops

Fedora's Kernel Build Now Enabling Sched_Ext Support

About The Author

Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week

Linus Torvalds Lands A 2.6% Performance Improvement With Minor Linux Kernel Patch

VMware Workstation Shifting From Proprietary Code To Using Upstream KVM

Intel Spots A 3888.9% Performance Improvement In The Linux Kernel From One Line Of Code

Rust-Based Redox OS Gets RISC-V Working, Also Now Booting On The Raspberry Pi 4

Ubuntu Hoping To Remove Qt 5 Before Ubuntu 26.04 LTS

Valve Engineer Fixes Massive Performance Issue For RADV Driver With AMD FSR2 Sample

KDE Will Nicely Notify You When Apps Are Being Killed Due To Out-Of-Memory

Ubuntu's Great Mainline Kernel PPA Hasn't Been Working Since Mid-September