Home https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Technology https://server7.kproxy.com/servlet/redirect.srv/sruj/smyrwpoii/p2/ Red Hat and CentOS systems do not load due to BootHole patches

Red Hat and CentOS systems do not load due to BootHole patches

An animated worm erupts from a computer chip.
Zoom in / Security updates designed to fix the BootHole UEFI vulnerability make some Linux systems not bootable at all.

Early this morning, an emergency bug appeared in the bugzilla tracker bugzilla ̵

1; a user discovered that the security update of RHSA_2020: 3216 grub2 and the kernel security update RHSA-2020: 3218 made the RHEL 8.2 system could not be started. The error was reported as reproducible with each minimal clean installation of Red Hat Enterprise Linux 8.2.

The patches were designed to close a recently discovered vulnerability in the GRUB2 startup manager called BootHole. The vulnerability itself left a method for system attackers to potentially install “bootkit” malware on a Linux system, even though the system is protected by UEFI Secure Boot.

RHEL and CentOS

Unfortunately, the Red Hat patch to GRUB2 and the kernel, once applied, leave patch systems out of order. The problem has been confirmed to affect RHEL 7.8 and RHEL 8.2, and may affect RHEL 8.1 and 7.9. The RHEL-derived distribution of CentOS is also affected.

Currently, Red Hat advises users not to apply GRUB2 security patches (RHSA-2020: 3216 or RHSA-2020: 3217) until these issues are resolved. If you are administering RHEL or CentOS and you think you may have installed these patches, do not restart your system, Reduce affected packages through sudo yum downgrade shim* grub2* mokutil and configure yum do not upgrade these packages by adding temporarily exclude=grub2* shim* mokutil to /etc/yum.conf,,

If you have already applied the patches and tried (and failed) to reboot, boot from DVD RHEL or CentOS in troubleshooting mode, set up the network, and then follow the same steps described above to restore the functionality of your system.

Other distributions

Although the bug was first reported on Red Hat Enterprise Linux, apparently related bug reports are being distributed by other distributions from different families. Ubuntu and Debian users are reporting systems that cannot be started after installing GRUB2 updates, and Canonical has issued advice including instructions on how to recover affected systems.

Although the impact of the GRUB2 error is similar, the range may vary from spread to spread; for now, the Debian / Ubuntu GRUB2 error appears to only affect systems that are booting in BIOS mode (not UEFI). Ubuntu has already been fixed proposed storage, tested and put into it updates storage. Updated and released packages, grub2 (2.02~beta2-36ubuntu3.27) xenial and grub2 (2.04-1ubuntu26.2) focal, should resolve the issue for Ubuntu users.

For Debian users, the fix is ​​available in a new package grub2 (2.02+dfsg1-20+deb10u2),,

We currently have no words about the shortcomings or impact of GRUB2 BootHole patches on other distributions such as Arch, Gentoo or Clear Linux.

Source link