BootHole

Cyberpunk_Is_Bae · 2020-11-01 16:03:12

Apologies if this is in the wrong topic. I was going to post to SysAdmin but saw that it was shut down, and the way this topic is phrased appears to imply to my eyes that we are discussing three separate concepts, not networking and two subgenres. If it is actually the latter then please be kind enough to move my post to the appropriate location and forgive me the error, and maybe point me in the right direction if you would be so kind.

I searched the Arch Linux Forums for the string "boothole" using your integrated tools and the query returned no results.

I see that Canonical and the other big boys have taken great steps to mitigate the GRUB issue called BootHole but I do not know if there are any steps I need to take as an Arch Linux user to also manually control for this CVE. Dell even mentions it: https://www.dell.com/support/article/en … oot-bypass

Please advise. Thanks.

V1del · 2020-11-01 16:16:13

The latest Arch package ships with a mitigation patch: https://github.com/archlinux/svntogit-p … 5eb9b7203a

Make sure it's installed by running the relevant grub-install command applicable to your system.

That said, for this to be exploited on your personal desktop running Arch, you need to frequently grant physical access to your harddisk/computer to other people, have a kernel bug that allows privilege escalation to root (... which means that whatever happens to grub.cfg would be least of your concerns), do you even use SecureBoot (if not there are 1000 other ways not relying on GRUB to own you, at the level where this would be relevant)

It's a problem for red hat and canonical and whoever else is involved here because they run huge cloud instances with millions of customers. It seems largely irrelevant if this is for your personal system.

Last edited by V1del (2020-11-01 16:25:23)

Cyberpunk_Is_Bae · 2020-11-01 18:04:17

Thank you for the reply. That's good to know that it automatically is handled by the Arch team. I'll assume the newest GRUB is immune.

V1del wrote:

[D]o you even use SecureBoot[?]

I would like to know more about it but I'm doing one thing at a time here, trying to move from install scripts to manual installation and tracking of my own OS files completely. Is there any good reading or guides on using SecureBoot? I know I've heard of CoreBoot, LibreBoot, and the UEFI protection systems employed on Chrome OS and Apple's T2 chip as well as something about Microsoft and security that I generally regard with about the same veracity as The Nightmare Before Christmas.

Trilby · 2020-11-01 18:35:02

Cyberpunk_Is_Bae wrote:

trying to move from install scripts to manual installation

Do install arch linux, or do not install arch linux, there is no try. If you used some "install scripts" you should not be seeking help from this community.

Cyberpunk_Is_Bae wrote:

Is there any good reading or guides on using SecureBoot?

RTFW. There's a page specifically for this.

Arch Linux

#1 2020-11-01 16:03:12

BootHole

#2 2020-11-01 16:16:13

Re: BootHole

#3 2020-11-01 18:04:17

Re: BootHole

#4 2020-11-01 18:35:02

Re: BootHole

Board footer