Early this morning, an urgent bug appeared in Red Hat's Bugzilla bug tracker: a user discovered that the RHSA-2020:3216 grub2 security update and the RHSA-2020:3218 kernel security update rendered an RHEL 8.2 system unbootable. The bug was reported as reproducible on any clean minimal installation of Red Hat Enterprise Linux 8.2.
A new flaw neutralizes Secure Boot, but there is no reason to panic. The patches were meant to close a recently discovered vulnerability in the GRUB2 boot manager called BootHole. The vulnerability itself gave attackers a way to potentially install "bootkit" malware on a Linux system that is protected with UEFI Secure Boot.
Unfortunately, Red Hat's fix for GRUB2 and the kernel, once applied, leaves patched systems unable to boot. The issue is confirmed to affect RHEL 7.8 and RHEL 8.2, and possibly also RHEL 8.1 and 7.9. The RHEL-derived CentOS distribution is also affected.
Red Hat is currently advising users not to apply the GRUB2 security patches (RHSA-2020:3216 or RHSA-2020:3217) until these issues are resolved. If you are running an RHEL or CentOS system and you think you have installed those patches, do not reboot your system. Roll back the affected packages with sudo yum downgrade shim and configure yum not to update those packages by temporarily adding 'grub2' and 'shim' exclusions to /etc/yum.conf.
If you have already applied the patches and tried (and failed) to reboot, boot from an RHEL or CentOS DVD in troubleshooting mode, set up the network, and then follow the same steps described above to restore your system to working order.
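One way to script the temporary hold described above, as an added example that is not from the article or from Red Hat's advisory: a shell function that merges an exclude= entry into the [main] section of a yum.conf-style file without duplicating it on repeated runs. The function name hold_packages and the glob patterns grub2* and shim* are assumptions; the article only names 'grub2' and 'shim'.

```shell
#!/bin/sh
# Added example: hold packages back in a yum.conf-style file.
# PATTERNS is an assumption; the article only names 'grub2' and 'shim'.
PATTERNS="grub2* shim*"

# hold_packages FILE: make sure [main] carries an exclude= line covering
# PATTERNS. Merges with an existing exclude= line, changes nothing when the
# patterns are already present, and saves FILE.bak before the first change.
hold_packages() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }
    tmp=$(mktemp) || return 1
    awk -v want="$PATTERNS" '
        # Append each wanted pattern to cur unless it is already listed.
        function merged(cur,   n, w, i, j, have, h, found) {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) {
                found = 0
                h = split(cur, have, /[ ,]+/)
                for (j = 1; j <= h; j++) if (have[j] == w[i]) found = 1
                if (!found) cur = (cur == "" ? w[i] : cur " " w[i])
            }
            return cur
        }
        /^\[/ {   # section header: close [main] first if it had no exclude=
            if (in_main && !done) { print "exclude=" merged(""); done = 1 }
            in_main = ($0 == "[main]")
        }
        in_main && /^exclude[ \t]*=/ {
            sub(/^exclude[ \t]*=[ \t]*/, "")
            print "exclude=" merged($0); done = 1; next
        }
        { print }
        END {
            if (!done) {
                if (!in_main) print "[main]"
                print "exclude=" merged("")
            }
        }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    if cmp -s "$conf" "$tmp"; then rm -f "$tmp"; return 0; fi
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    rc=$?; rm -f "$tmp"; return $rc
}
```

Run it against /etc/yum.conf as root, and remove the added patterns once fixed packages are published, since the hold also blocks the corrected updates.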
Although the bug was first reported on Red Hat Enterprise Linux, reports of similar bugs are also coming in from distributions in other families. Ubuntu and Debian users report that systems cannot boot after GRUB2 updates are installed, and Canonical has issued an advisory with recovery commands for affected systems.
Although the effect of the GRUB2 bug is similar, the scope may differ from distribution to distribution; so far, it appears that the Debian/Ubuntu GRUB2 bug only affects systems that boot in BIOS (not UEFI) mode. A fix has already been committed to Ubuntu's proposed repository, tested, and released to its updates repository. The updated and released packages, grub2 (2.02 beta2-36ubuntu3.27) xenial and grub2 (2.04-1ubuntu26.2) focal, should resolve the problem for Ubuntu users.
For Debian users, the solution is in the new grub2 package (2.02 – dfsg1-20 – deb10u2).
We don't yet have information about flaws in, or effects of, the GRUB2 BootHole patches on other distributions such as Arch, Gentoo, or Clear Linux.