New GRUB2 security vulnerabilities affecting its UEFI Secure Boot support

see this
https://www.phoronix.com/scan.php?page=news_item&px=GRUB-2021-Secure-Boot-Issues

this CVE explains well this
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021

version
https://git.savannah.gnu.org/cgit/grub.git ](https://git.savannah.gnu.org/cgit/grub.git

2 Likes

You can never get tired of Secure boot vulnerabilities and insanity of a whole concept :woozy_face:

3 Likes

Isn’t the article more about Grub’s security vulnerabilities rather than secure boot’s?

1 Like

A bit of both really, take Secure boot out of equation - and there’s no vulnerabilities :laughing:

Yeah, but since it’s being there is a fact (sad maybe), this one is less about its vulnerabilities rather than vulnerabilities in Grub in its attempts to get in in terms with it.

this came only with SecureBoot&Shim & keys db
https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html

1 Like

Patched Grub in the pipeline:

https://9to5linux.com/patches-for-multiple-new-grub2-security-flaws-start-rolling-out-to-linux-distros-update-now

Yes but since people see secure boot as evil it takes the blame for grub vulnerabilities for some reason.

1 Like

Yes, I kind of understand it and not at the same time being a “call a spade spade” person.

1 Like