New GRUB2 security vulnerabilities affecting its UEFI Secure Boot support

Stephane · March 3, 2021, 7:00am

see this
https://www.phoronix.com/scan.php?page=news_item&px=GRUB-2021-Secure-Boot-Issues

this CVE explains well this
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021

version
https://git.savannah.gnu.org/cgit/grub.git ](https://git.savannah.gnu.org/cgit/grub.git

keybreak · March 3, 2021, 7:23am

You can never get tired of Secure boot vulnerabilities and insanity of a whole concept

pebcak · March 3, 2021, 8:46am

Isn’t the article more about Grub’s security vulnerabilities rather than secure boot’s?

keybreak · March 3, 2021, 8:54am

A bit of both really, take Secure boot out of equation - and there’s no vulnerabilities

pebcak · March 3, 2021, 9:00am

Yeah, but since it’s being there is a fact (sad maybe), this one is less about its vulnerabilities rather than vulnerabilities in Grub in its attempts to get in in terms with it.

Stephane · March 3, 2021, 11:32am

this came only with SecureBoot&Shim & keys db
https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

pebcak · March 4, 2021, 1:53pm

Patched Grub in the pipeline:

https://9to5linux.com/patches-for-multiple-new-grub2-security-flaws-start-rolling-out-to-linux-distros-update-now

dalto · March 4, 2021, 1:54pm

Yes but since people see secure boot as evil it takes the blame for grub vulnerabilities for some reason.

pebcak · March 4, 2021, 2:01pm

Yes, I kind of understand it and not at the same time being a “call a spade spade” person.