this appears today
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/?utm_source=dlvr.it&utm_medium=facebook
origin info
this appears today
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/?utm_source=dlvr.it&utm_medium=facebook
origin info
Who could have thought of THAT coming
JeezâŚThat crap is single most stupid thing in whole history of computingâŚ
Always only created problems.
Love Debian naming btw, âBootHoleâ
âI jumped into his computer through boothole!â
good reason to switch to rEFInd ?
So thenâŚTear our chips down, disable Intel ME / AMD PSPâŚ
And then write our own BIOS with black-jack and hookers!
If it wasnât for laptops it would be pretty damn doable across the board
Who on Linux is using secure boot anyway? Iâm not!
Depends on how many threads of âNothing works / i canât boot! / Linux sucksâ you have come acrossâŚ
On Manjaro forums there was a bunch âŚ
Disabling Secure boot, Fast boot and all other kinds of boot (including BootHole now ) is sadly not most obvious thing for newcomers
I fell in a Boothole and ended up on EndeavourOS.
I hate secure boot, it is simply a Microsoft shackle imposed on hardware purchasers. On some cheap lower end hardware it can not be disabled at all and you can not even install Linux.
i installed this system in the first place with secureboot & my laptop with secureboot
but i switched off mean timeâŚ
Totally agree!
Exactly!
Canât wait for some new fancy next-gen AI Boot (which totally doesnât reprogram your DNA with 6G for total submission to reptiloids )âŚ
It CAN use secure boot (mostly doesnât) and CAN fire up a grub2 instance (mostly doesnât) but is unlikely to be vulnerable to this. Normally it (like âgumminootâ and systemd boot) fires up the kernel directly, bypassing the reported âbuffer overflowâ attack sourced in the grub.cfg file. Not to worryâŚ
Ah, forget the whole thing.
I read about this a few hours ago in bleepingcomputer, arstechnica & makeuseof. Initially i was confused, then mildly concerned, then ⌠meh⌠once i realised that if i understood correctly, the bad actor already needs to have compromised your device with root privileges before they can then compromise your device with this thing. So⌠meh.
Arch already has a patch for grub in the works.
ButâŚCan you trust yourself when sleepwalking?
I donât!
It doesnât affect me, since I am a Linux user and donât wear bootsâŚ
Certainly not! I am completely untrustworthy when awake, & have reason to suspect i might be even more disreputable in my sleep.