On Thu, Aug 3, 2017 at 5:21 PM, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote: > security@ and security-team@ have no meaningful activity in at least > the last 6 months so I'm posting this here. Have you tried something as simple as reaching out to the maintainer of grub2? > grub2 incorrectly initialises the boot_params from the kernel image > https://bugzilla.redhat.com/show_bug.cgi?id=1418360 > > The gist is that the bug means the kernel can't determine UEFI secure > boot state, considers it not enabled, resulting in the kernel not > enabling certain checks it otherwise does when it knows secure boot is > enabled. Ergo, users who have secure boot enabled are not getting the > full benefit of secure boot, and this fallback is pretty much silent > (you'd have to be looking at kernel messages to know you're not > protected). > > Fedora 26 has grub2-2.02-0.40.fc26.x86_64 which contains the fix. It > was proposed as a blocker bug, bug was rejected because it doesn't > have a formal security evaluation. > > However, Fedora 24 didn't get the fix before going EOL. And Fedora 25 > and Rawhide both still have this problem. And I think it needs > attention. > > > Thanks, > > -- > Chris Murphy > _______________________________________________ > devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
