Bug#906124: grub-efi-amd64: Also in grub-efi-amd64
Victorien Berlot
victorien at berlot.ch
Tue Oct 6 18:18:21 BST 2020
On Sat, 3 Oct 2020 21:09:23 +0300 Vladislav Yarmak <vladislav at vm-0.com> wrote:
> On Sat, 26 Sep 2020 22:33:42 +0000 Victorien Berlot
> <victorien at berlot.ch> wrote:
> > Hello,
> >
> > Has this bug been fixed ?
>
> Nope, but this bug was ported to Centos 8 and probably other distros.
> TBH, looks like widespread bootchain sabotage to me.
>
> BTW, NSA released technical report about secureboot recently:
> https://media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF
>
> Interesting fact, they skip initramdrive verification as well, and
> modern distros make it's verification next to impossible.
>
> --
> Best Regards,
> Vladislav Yarmak
>
>
There's something I don't understand.
The root of this bug is identified, right ?
It's disappointing it doesn't work anymore because it was a really good feature.
Do you know an alternative or a workaround ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-grub-devel/attachments/20201006/f9df961e/attachment.html>
More information about the Pkg-grub-devel
mailing list