GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Questions about Grub, UEFI,the liveCD and the installer
Forum rules
Before you post please read how to get help
Post Reply
relic76
Level 1
Level 1
Posts: 48
Joined: Sun Apr 20, 2014 1:42 pm

GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Post by relic76 »

Has LInux MInt made a fix for the BootHole bug that was announced recently? And would a normal home user be in any danger of it?
Last edited by karlchen on Thu Jul 30, 2020 4:10 pm, edited 1 time in total.
Reason: Completed title to mention the relevant details, not just the nickname of "BootHole"
DAMIEN1307
Level 10
Level 10
Posts: 3431
Joined: Tue Feb 21, 2017 8:13 pm
Location: Alamogordo, New Mexico, USA

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Post by DAMIEN1307 »

If you are referring to the Grub2 issue mentioned the last 2 days in different tech news pages, there was an update to this already issued pretty much at the same time i had read about it...look in the update history in the update manager to see if you have already installed the grub2 updates...DAMIEN
ORDO AB CHAO
"I refuse to be assimilated, I refuse to become one with the Borg Collective"
relic76
Level 1
Level 1
Posts: 48
Joined: Sun Apr 20, 2014 1:42 pm

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Post by relic76 »

Thanks. I found a grub2 update on 7/29
User avatar
karlchen
Level 21
Level 21
Posts: 13512
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Post by karlchen »

<Addendum>
For those readers, who would like to learn more about the GRUB2 UEFI SecureBoot vulnerability referred to as 'BootHole', here is the link to the relevant Debian article on it: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'
</Addendum>
Image
Linux Mint 19.3 64-bit Cinnamon, Total Commander 9.51 64-bit
Haß gleicht einer Krankheit, dem Miserere, wo man vorne herausgibt, was eigentlich hinten wegsollte. (Goethe)
User avatar
cosmiclaser
Level 3
Level 3
Posts: 119
Joined: Sat Aug 04, 2018 1:29 am

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Post by cosmiclaser »

Does anyone else had the problem reported here ?

viewtopic.php?p=1857442
"GRUB RESCUE MODE, problem with CALLOC"

RELATED:
https://askubuntu.com/questions/1263125 ... -not-found

Can we do a few stats here plese ? Enter your Mint version, and Success of Fail, thank you.
I have other PCs to update and I keep it on hold....

I start Here:
Mint 19.3 Success (UEFI, no dual boot, update performed at 20:30 NewYork / 00:30 GMT)
Mint 18.3 Fail (Not UEFI, dual boot, update performed at 10:30 NewYork / 14:30 GMT)
User avatar
DarrenG
Level 2
Level 2
Posts: 57
Joined: Mon Jun 23, 2014 9:12 pm
Location: New Zealand

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Post by DarrenG »

mint 19.3 cinnamon, no dual boot, not UEFI, update borked my system
“People shouldn't be afraid of their government. Governments should be afraid of their people.”
User avatar
Kadaitcha Man
Level 11
Level 11
Posts: 3605
Joined: Mon Aug 27, 2012 10:17 pm

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Post by Kadaitcha Man »

cosmiclaser wrote:
Thu Jul 30, 2020 9:21 pm
Can we do a few stats here plese ? Enter your Mint version, and Success of Fail, thank you.
For what purpose?
Coming to a thread near you: Lots of bragging about my AMD 5950X. Currently delayed due to high demand.
It's pronounced kad-eye-cha, not kada-itcha.
User avatar
Pjotr
Level 22
Level 22
Posts: 15904
Joined: Mon Mar 07, 2011 10:18 am
Location: The Netherlands (Holland)
Contact:

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Post by Pjotr »

This update caused some major disruptions here and there, for some people.... I'm so glad that I have frozen Grub on the computers of some digitally handicapped people for whom I am the system administrator. :mrgreen:
Tip: 10 things to do after installing Linux Mint 20 Ulyana
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
User avatar
karlchen
Level 21
Level 21
Posts: 13512
Joined: Sat Dec 31, 2011 7:21 am
Location: Germany

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Post by karlchen »

Hello, DarrenG.
DarrenG wrote:
Fri Jul 31, 2020 4:47 am
mint 19.3 cinnamon, no dual boot, not UEFI, update borked my system
Please, open a new thread and explain the "system borked" symptoms in more details. Merely stating the Grub2 update were the culprit is not really sufficient.

I have installed the Grub2 update both on
  • Mint 19.3 Cinnamon, dual boot Win10 + LM19.3, UEFI, SecureBoot on
    and
  • Mint 19.3 xfce, dual boot Win7 + LM19.3, MBR, hence no SecureBoot
and both machines come up without any issues.

So precise details will be needed in order
+ to determine whether your system has been borked at all
+ to determine what has borked it, assuming it has been borked
+ to help you recover

Addendum:
In case your assumption should be correct that you have been hit by the known issues, which the Grub2 update may cause under specific circumstances, please, go through the Ubuntu article, GRUB2SecureBootBypass, carefully and apply the appropriate steps to recover your system and make it bootable again.
Kudos for mentioning this Ubuntu article go to cosmiclaser 2 posts below.

Best regards,
Karl
Last edited by karlchen on Fri Jul 31, 2020 11:09 am, edited 1 time in total.
Reason: Added pointer to https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass
Image
Linux Mint 19.3 64-bit Cinnamon, Total Commander 9.51 64-bit
Haß gleicht einer Krankheit, dem Miserere, wo man vorne herausgibt, was eigentlich hinten wegsollte. (Goethe)
ckonn
Level 3
Level 3
Posts: 126
Joined: Wed Oct 01, 2014 7:03 pm

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Post by ckonn »

when you are starting your linux-home-pc from the power-button it should be off-line.
after the os is downloaded into the ram you are putting the ethernet-cable in to the ethernet-lan-socket, starting the web-browser and so on.
User avatar
cosmiclaser
Level 3
Level 3
Posts: 119
Joined: Sat Aug 04, 2018 1:29 am

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Post by cosmiclaser »

There is a Workaround by the Ubuntu team here:
https://wiki.ubuntu.com/SecurityTeam/Kn ... own_issues
The but Workaround must be done BEFORE you reboot.
Post Reply

Return to “Installation & Boot”