UEFI secureboot is not so secure - Boothole

This appeared today:
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/?utm_source=dlvr.it&utm_medium=facebook

origin info

4 Likes

Who could have thought of THAT coming :joy:
Jeez… That crap is the single most stupid thing in the whole history of computing…

Always only created problems.

Love Debian naming btw, ‘BootHole’ :laughing: :rofl:


“I jumped into his computer through boothole!” :laughing:

5 Likes

good reason to switch to rEFInd ?

for Refind
https://rodsbooks.com/refind/secureboot.html

It also uses Secure Boot …

So then…Tear our chips down, disable Intel ME / AMD PSP…

And then write our own BIOS with black-jack and hookers!


If it wasn’t for laptops it would be pretty damn doable across the board :expressionless:

5 Likes

Who on Linux is using secure boot anyway? I’m not! :rofl:

3 Likes

Depends on how many threads of “Nothing works / i can’t boot! / Linux sucks” you have come across…
On Manjaro forums there was a bunch :sweat_smile:

Disabling Secure boot, Fast boot and all other kinds of boot (including BootHole now :rofl:) is sadly not the most obvious thing for newcomers :slight_smile:

1 Like

I fell in a Boothole and ended up on EndeavourOS. :rofl:

7 Likes

I hate secure boot, it is simply a Microsoft shackle imposed on hardware purchasers. On some cheap lower end hardware it can not be disabled at all and you can not even install Linux.

4 Likes

I installed this system in the first place with secureboot & my laptop with secureboot :stuck_out_tongue:

but I switched it off in the meantime…
:slight_smile:

Totally agree! :grinning:

3 Likes

Exactly! :rage:

Can’t wait for some new fancy next-gen AI Boot (which totally doesn’t reprogram your DNA with 6G for total submission to reptiloids :dragon_face:)…

3 Likes

It CAN use secure boot (mostly doesn’t) and CAN fire up a grub2 instance (mostly doesn’t) but is unlikely to be vulnerable to this. Normally it (like ‘gummiboot’ and systemd boot) fires up the kernel directly, bypassing the reported ‘buffer overflow’ attack sourced in the grub.cfg file. Not to worry… :grin:

Ah, forget the whole thing.

3 Likes

I read about this a few hours ago in bleepingcomputer, arstechnica & makeuseof. Initially I was confused, then mildly concerned, then … meh… once I realised that if I understood correctly, the bad actor already needs to have compromised your device with root privileges before they can then compromise your device with this thing. So… meh.

2 Likes

Arch already has a patch for grub in the works.

2 Likes

But…Can you trust yourself when sleepwalking? :vampire:
I don’t! :sweat_smile:

1 Like

It doesn’t affect me, since I am a Linux user and don’t wear boots…

3 Likes

Certainly not! I am completely untrustworthy when awake, & have reason to suspect I might be even more disreputable in my sleep.

1 Like