Fedora 25 GRUB security issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



security@ and security-team@ have no meaningful activity in at least
the last 6 months so I'm posting this here.

grub2 incorrectly initialises the boot_params from the kernel image
https://bugzilla.redhat.com/show_bug.cgi?id=1418360

The gist is that the bug means the kernel can't determine UEFI secure
boot state, considers it not enabled, resulting in the kernel not
enabling certain checks it otherwise does when it knows secure boot is
enabled. Ergo, users who have secure boot enabled are not getting the
full benefit of secure boot, and this fallback is pretty much silent
(you'd have to be looking at kernel messages to know you're not
protected).

Fedora 26 has grub2-2.02-0.40.fc26.x86_64 which contains the fix. It
was proposed as a blocker bug, bug was rejected because it doesn't
have a formal security evaluation.

However, Fedora 24 didn't get the fix before going EOL. And Fedora 25
and Rawhide both still have this problem. And I think it needs
attention.


Thanks,

-- 
Chris Murphy
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux