Page 1 of 1

GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Posted: Thu Jul 30, 2020 12:45 pm
by relic76
Has LInux MInt made a fix for the BootHole bug that was announced recently? And would a normal home user be in any danger of it?

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Posted: Thu Jul 30, 2020 12:54 pm
by DAMIEN1307
If you are referring to the Grub2 issue mentioned the last 2 days in different tech news pages, there was an update to this already issued pretty much at the same time i had read about it...look in the update history in the update manager to see if you have already installed the grub2 updates...DAMIEN

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Posted: Thu Jul 30, 2020 1:07 pm
by relic76
Thanks. I found a grub2 update on 7/29

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Posted: Thu Jul 30, 2020 4:13 pm
by karlchen
<Addendum>
For those readers, who would like to learn more about the GRUB2 UEFI SecureBoot vulnerability referred to as 'BootHole', here is the link to the relevant Debian article on it: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'
</Addendum>

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Posted: Thu Jul 30, 2020 9:21 pm
by cosmiclaser
Does anyone else had the problem reported here ?

viewtopic.php?p=1857442
"GRUB RESCUE MODE, problem with CALLOC"

RELATED:
https://askubuntu.com/questions/1263125 ... -not-found

Can we do a few stats here plese ? Enter your Mint version, and Success of Fail, thank you.
I have other PCs to update and I keep it on hold....

I start Here:
Mint 19.3 Success (UEFI, no dual boot, update performed at 20:30 NewYork / 00:30 GMT)
Mint 18.3 Fail (Not UEFI, dual boot, update performed at 10:30 NewYork / 14:30 GMT)

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Posted: Fri Jul 31, 2020 4:47 am
by DarrenG
mint 19.3 cinnamon, no dual boot, not UEFI, update borked my system

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Posted: Fri Jul 31, 2020 4:51 am
by Kadaitcha Man
cosmiclaser wrote:
Thu Jul 30, 2020 9:21 pm
Can we do a few stats here plese ? Enter your Mint version, and Success of Fail, thank you.
For what purpose?

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Posted: Fri Jul 31, 2020 5:19 am
by Pjotr
This update caused some major disruptions here and there, for some people.... I'm so glad that I have frozen Grub on the computers of some digitally handicapped people for whom I am the system administrator. :mrgreen:

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Posted: Fri Jul 31, 2020 5:20 am
by karlchen
Hello, DarrenG.
DarrenG wrote:
Fri Jul 31, 2020 4:47 am
mint 19.3 cinnamon, no dual boot, not UEFI, update borked my system
Please, open a new thread and explain the "system borked" symptoms in more details. Merely stating the Grub2 update were the culprit is not really sufficient.

I have installed the Grub2 update both on
  • Mint 19.3 Cinnamon, dual boot Win10 + LM19.3, UEFI, SecureBoot on
    and
  • Mint 19.3 xfce, dual boot Win7 + LM19.3, MBR, hence no SecureBoot
and both machines come up without any issues.

So precise details will be needed in order
+ to determine whether your system has been borked at all
+ to determine what has borked it, assuming it has been borked
+ to help you recover

Addendum:
In case your assumption should be correct that you have been hit by the known issues, which the Grub2 update may cause under specific circumstances, please, go through the Ubuntu article, GRUB2SecureBootBypass, carefully and apply the appropriate steps to recover your system and make it bootable again.
Kudos for mentioning this Ubuntu article go to cosmiclaser 2 posts below.

Best regards,
Karl

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Posted: Fri Jul 31, 2020 7:46 am
by ckonn
when you are starting your linux-home-pc from the power-button it should be off-line.
after the os is downloaded into the ram you are putting the ethernet-cable in to the ethernet-lan-socket, starting the web-browser and so on.

Re: GRUB2 UEFI SecureBoot vulnerability - 'BootHole'

Posted: Fri Jul 31, 2020 10:18 am
by cosmiclaser
There is a Workaround by the Ubuntu team here:
https://wiki.ubuntu.com/SecurityTeam/Kn ... own_issues
The but Workaround must be done BEFORE you reboot.