Article 56A8Y A long list of GRUB2 secure-boot holes

A long list of GRUB2 secure-boot holes

by
corbet
from LWN.net on (#56A8Y)
Several vulnerabilities have been disclosed in the GRUB2 bootloader; theyenable the circumvention of the UEFI secure boot mechanism and thepersistent installation of hostile software. Fixing the problem is not justa matter of getting a new GRUB2 installation, unfortunately."It is important to note that updating the exploitablebinaries does not in fact mitigate the CVE, since an attacker couldbring an old, exploitable, signed copy of a grub binary onto a systemwith whatever kernel they wished to load. In order to mitigate, theUEFI Revocation List (dbx) must be updated on a system. Once the UEFIRevocation List is updated on a system, it will no longer bootbinaries that pre-date these fixes. This includes old install media."
External Content
Source RSS or Atom Feed
Feed Location http://lwn.net/headlines/rss
Feed Title LWN.net
Feed Link https://lwn.net/
Reply 0 comments