UEFI secureboot is not so secure - Boothole

this appears today
https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/?utm_source=dlvr.it&utm_medium=facebook

origin info

Who could have thought of THAT coming :joy:
Jeez…That crap is single most stupid thing in whole history of computing…

Always only created problems.

Love Debian naming btw, ‘BootHole’ :laughing: :rofl:


“I jumped into his computer through boothole!” :laughing:

good reason to switch to rEFInd ?

for Refind
https://rodsbooks.com/refind/secureboot.html

it use also secure boot …

So then…Tear our chips down, disable Intel ME / AMD PSP…

image

And then write our own BIOS with black-jack and hookers!


If it wasn’t for laptops it would be pretty damn doable across the board :expressionless:

Who on Linux is using secure boot anyway? I’m not! :rofl:

Depends on how many threads of “Nothing works / i can’t boot! / Linux sucks” you have come across…
On Manjaro forums there was a bunch :sweat_smile:…

Disabling Secure boot, Fast boot and all other kinds of boot (including BootHole now :rofl:) is sadly not most obvious thing for newcomers :slight_smile:

I fell in a Boothole and ended up on EndeavourOS. :rofl:

I hate secure boot, it is simply a Microsoft shackle imposed on hardware purchasers. On some cheap lower end hardware it can not be disabled at all and you can not even install Linux.

i installed this system in the first place with secureboot & my laptop with secureboot :stuck_out_tongue:

but i switched off mean time…
:slight_smile:

Totally agree! :grinning:

Exactly! :rage:

Can’t wait for some new fancy next-gen AI Boot (which totally doesn’t reprogram your DNA with 6G for total submission to reptiloids :dragon_face:)…

It CAN use secure boot (mostly doesn’t) and CAN fire up a grub2 instance (mostly doesn’t) but is unlikely to be vulnerable to this. Normally it (like ‘gumminoot’ and systemd boot) fires up the kernel directly, bypassing the reported ‘buffer overflow’ attack sourced in the grub.cfg file. Not to worry… :grin:

Ah, forget the whole thing.

I read about this a few hours ago in bleepingcomputer, arstechnica & makeuseof. Initially i was confused, then mildly concerned, then … meh… once i realised that if i understood correctly, the bad actor already needs to have compromised your device with root privileges before they can then compromise your device with this thing. So… meh.

Arch already has a patch for grub in the works.

But…Can you trust yourself when sleepwalking? :vampire:
I don’t! :sweat_smile:

It doesn’t affect me, since I am a Linux user and don’t wear boots…

afbeelding

Certainly not! I am completely untrustworthy when awake, & have reason to suspect i might be even more disreputable in my sleep.