Grub2 UEFI Secure Boot Bypass Issues
Hi there Regarding the security vulnerability of grub2 reported at https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html, is there any resolution for openSUSE to solve this complex issue? Thank you. Regards, Frank
Hello Frank! On 3/5/21 9:17 PM, Frank Krüger wrote:
Hi there
Regarding the security vulnerability of grub2 reported at https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html, is there any resolution for openSUSE to solve this complex issue?
I haven't checked the individual patches but it seems multiple fixes were backported in openSUSE [1]. FWIW, when I asked him, Daniel said he is planning to make an rc1 release [2] in the upcoming days. Might be an idea for the rolling release distributions to ship the rc1 release to help with the testing before the 2.06 stable release. Adrian
[1] https://build.opensuse.org/package/view_file/Base:System/grub2/grub2.changes... [2] https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00127.html
Am 05.03.21 um 21:28 schrieb John Paul Adrian Glaubitz:
Hello Frank!
On 3/5/21 9:17 PM, Frank Krüger wrote:
Hi there
Regarding the security vulnerability of grub2 reported at https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html, is there any resolution for openSUSE to solve this complex issue?
I haven't checked the individual patches but it seems multiple fixes were backported in openSUSE [1].
FWIW, when I asked him, Daniel said he is planning to make an rc1 release [2] in the upcoming days. Might be an idea for the rolling release distributions to ship the rc1 release to help with the testing before the 2.06 stable release.
I think the issue is more involved, i.e., besides updating grub2 one has to update, e.g., shim and fwupd together with some revocations. Regards, Frank
On 05/03/2021 21.17, Frank Krüger wrote:
Regarding the security vulnerability of grub2 reported at https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html, is there any resolution for openSUSE to solve this complex issue?
see on that topic: https://www.suse.com/c/suse-addresses-another-grub2-uefi-secure-boot-securit... https://www.suse.com/support/kb/doc/?id=000019892
On Fri, Mar 05, 2021 at 08:17:27PM -0000, Frank Krüger wrote:
Hi there
Regarding the security vulnerability of grub2 reported at https://lists.gnu.org/archive/html/grub-devel/2021-03/msg00007.html, is there any resolution for openSUSE to solve this complex issue?
We are working on this. The new grub2 as proposed would currently no longer allow chainloading Windows from grub2, which is a common use-case for openSUSE, so we need to figure out a solution. Note that the grub2 bugs itself largely are not relevant if attackers do not have physical console access. Ciao, Marcus
participants (4)
-
Bernhard M. Wiedemann -
Frank Krüger -
John Paul Adrian Glaubitz -
Marcus Meissner