Re: [LUG] Grub Problem

 

> Here's the report from the original researchers who found and published it:
> https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
> For details on vulnerabilities if you want to follow them up check the
> official databases for details:
> https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-10713
> https://www.kb.cert.org/vuls/id/174059
> Usually there'll be links to the original source and as much follow up
> information as you can use there - if you're really lucky even a functional
> PoC (or wait for metasploit to provide a module).

As I said, I did read the report you linked to - but even in the two
further links you shared I could not find the name of the 'sole GRUB
vendor' who had gone to the trouble of signing the GRUB config file.

> Secure Boot is a subset of UEFI but not critical so don't let it hold you
> back - the vast majority of modern-ish PCs support dual BIOS/UEFI firmware
> stacks which you can toggle between at will so you probably already have the
> capability on your computer(s) already.

I made a note of the BIOS copyright date when turning on my PC this
morning: July 2008. I believe this predates widespread adoption of UEFI
by a few years.

> Agreed the Microsoft CA bit is a little sketchy - maybe you're too
> young to remember all the bitter fighting about it when UEFI was first
> introduced?

I certainly remember the criticism of Secure Boot, and that it would
compromise the consumers' right to install their own operating system.
As for the bitter fighting, well, clearly Microsoft won in this case.

According to various sources UEFI supports more than four primary
partitions on a single drive. When I eventually acquire a UEFI PC, do not
expect to see me for a few weeks as I savour the pleasure of installing
Linux distributions without restriction...! :D

Best wishes, Sebastian
Freenode: 'seabass'



-- 
The Mailing List for the Devon & Cornwall LUG
https://mailman.dcglug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq