
Red Hat and CentOS systems are not booting due to BootHole fixes



Security updates that address the BootHole UEFI vulnerability prevent some Linux systems from booting at all.

Early in the morning, an urgent bug appeared in Red Hat's bug tracker: a user found that the RHSA-2020:3216 grub2 security update and the RHSA-2020:3218 kernel security update left RHEL 8.2 unable to boot. The bug was reported as reproducible on any clean minimal installation of Red Hat Enterprise Linux 8.2.

The fixes were designed to close a newly discovered vulnerability in the GRUB2 boot manager called BootHole. The vulnerability itself left attackers a way to potentially install "bootkit" malware on a Linux system, even when that system is protected by UEFI Secure Boot.

RHEL and CentOS

Unfortunately, Red Hat's patches to GRUB2 and the kernel, once applied, leave patched systems unable to boot. The problem is confirmed to affect RHEL 7.8 and RHEL 8.2, and it may also affect RHEL 8.1 and 7.9. The RHEL-derivative distribution CentOS is also affected.

Red Hat currently recommends that users not apply the GRUB2 security fixes (RHSA-2020:3216 or RHSA-2020:3217) until these issues have been resolved. If you manage a RHEL or CentOS system and believe you have installed these patches, do not restart the system. Downgrade the affected packages with sudo yum downgrade shim* grub2* mokutil, and configure yum not to upgrade those packages by temporarily adding exclude=grub2* shim* mokutil to /etc/yum.conf.

If you have already applied the patches and tried (and failed) to restart, boot from a RHEL or CentOS DVD in troubleshooting mode, set up the network, and then follow the same steps above to restore system functionality.
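
One way to apply the temporary exclude line from the workaround above without hand-editing, as an added example that is not from Red Hat or the original article. The function names are hypothetical, the config file path is passed as an argument, and the package patterns are the ones quoted above; an existing exclude= line in [main] is extended instead of duplicated, and repeat runs change nothing.

```shell
#!/bin/sh
# Added example (not Red Hat tooling). Patterns are the ones the article
# gives; function names are hypothetical.
HOLD_PATTERNS='grub2* shim* mokutil'

# boot_pkgs_held FILE: exit 0 only if [main] already excludes every pattern.
boot_pkgs_held() {
    awk -v want="$HOLD_PATTERNS" '
        /^\[/ { in_main = ($0 ~ /^\[main\]/) }
        in_main && /^[ \t]*exclude[ \t]*=/ {
            sub(/^[^=]*=/, "")
            n = split($0, f, /[ \t,]+/)
            for (i = 1; i <= n; i++) have[f[i]] = 1
        }
        END {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) if (!(w[i] in have)) exit 1
        }' "$1"
}

# hold_boot_pkgs FILE: add whichever patterns are missing, extending an
# existing exclude= line in [main] rather than creating a duplicate key.
hold_boot_pkgs() {
    boot_pkgs_held "$1" && return 0
    tmp=$(mktemp) || return 1
    awk -v want="$HOLD_PATTERNS" '
        /^\[/ {
            # Leaving [main] without having seen exclude=: add it here.
            if (in_main && !done) { print "exclude=" want; done = 1 }
            in_main = ($0 ~ /^\[main\]/)
        }
        in_main && !done && /^[ \t]*exclude[ \t]*=/ {
            line = $0; sub(/^[^=]*=/, "", line)
            n = split(line, f, /[ \t,]+/)
            for (i = 1; i <= n; i++) have[f[i]] = 1
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) if (!(w[i] in have)) $0 = $0 " " w[i]
            done = 1
        }
        { print }
        END {
            if (!done) { if (!in_main) print "[main]"; print "exclude=" want }
        }' "$1" > "$tmp" && cat "$tmp" > "$1"   # write in place: keeps mode, owner, symlink
    rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

Run hold_boot_pkgs /etc/yum.conf as root after the downgrade, and remove the added patterns by hand once corrected packages are released, since the exclusion is meant to be temporary.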

Other distributions

Although the bug was first reported in Red Hat Enterprise Linux, apparently related bug reports are coming in from other distributions in different families as well. Ubuntu and Debian users report systems that cannot boot after installing GRUB2 updates, and Canonical has issued an advisory, including recovery instructions, for affected systems.

Although the impact of the GRUB2 bug is similar, the extent may vary from distribution to distribution; so far, the Debian/Ubuntu GRUB2 bug seems to affect only systems that boot in BIOS (not UEFI) mode. A fix has already been committed to Ubuntu's proposed repository, tested, and released into its updates repository. The updated and released packages, grub2 (2.02~beta2-36ubuntu3.27) xenial and grub2 (2.04-1ubuntu26.2) focal, should solve the problem for Ubuntu users.

For Debian users, the fix is available in the new package grub2 (2.02+dfsg1-20+deb10u2).

We currently have no word on bugs or the impact of GRUB2 BootHole fixes on other distributions such as Arch, Gentoo or Clear Linux.

