Mailinglist Archive: opensuse-security (3 mails)

< Previous Next >
Re: [opensuse-security] Re: [security-announce] Heads up: "BootHole" security issue
On Thu, Jul 30, 2020 at 02:46:35PM +0200, mailinglisten@xxxxxxxxx wrote:
Am 29.07.20 um 20:07 schrieb Marcus Meissner:
Hi folks,

Researchers from Eclypsium just published a new vulnerability in grub2
called
"BootHole".

We put a highlevel view in a blog:
https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/

and our TID:
https://www.suse.com/support/kb/doc/?id=000019673

Unfortunately, neither document gives the complete key id so we can know
what SUSE keys precisely are to be changed.

If I understand correctly

"openSUSE Secure Boot CA"
with sha1 fingerprint
46:59:83:8c:82:03:fe:15:52:ad:19:e1:86:09:db:21:7e:3a:d2:4f

will stay unchanged?

Yes, the openSUSE Secure Boot CA will stay unchanged.

Is the new key available for download somewhere?
I have my own set of PK/KEK and import such keys usually manually.

We still need to generate the new key, we need to wait until the fixed grub2
has been checked into openSUSE:Factory first to avoid having it signed by the
new key.

I will send it as reply as soon as its available.

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-security+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation