On Thu, Jul 30, 2020 at 02:46:35PM +0200, mailinglisten@posteo.de wrote:
Am 29.07.20 um 20:07 schrieb Marcus Meissner:
Hi folks,
Researchers from Eclypsium just published a new vulnerability in grub2 called "BootHole".
We put a highlevel view in a blog: https://www.suse.com/c/suse-addresses-grub2-secure-boot-issue/
and our TID: https://www.suse.com/support/kb/doc/?id=000019673
Unfortunately, neither document gives the complete key id so we can know what SUSE keys precisely are to be changed.
If I understand correctly
"openSUSE Secure Boot CA" with sha1 fingerprint 46:59:83:8c:82:03:fe:15:52:ad:19:e1:86:09:db:21:7e:3a:d2:4f
will stay unchanged?
Yes, the openSUSE Secure Boot CA will stay unchanged.
Is the new key available for download somewhere? I have my own set of PK/KEK and import such keys usually manually.
We still need to generate the new key, we need to wait until the fixed grub2 has been checked into openSUSE:Factory first to avoid having it signed by the new key. I will send it as reply as soon as its available. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org