News, tips, advice, support for Windows, Office, PCs & more
Home icon Home icon Home icon Email icon RSS icon

We're community supported and proud of it!

  • 117 patches for GRUB2

    • This topic has 10 replies, 6 voices, and was last updated 1 month ago.
    Viewing 8 reply threads
    • Author
      Posts
      • #2347800
        Microfix
        AskWoody MVP

        Ax Sharma reporting various fixes for GRUB2 coming your way

        This week GRUB project maintainers have released hundreds of upstream patches for the severe boot loader flaws listed below.

        “The BootHole vulnerability announced last year encouraged many people to take a closer look at the security of boot process in general and the GRUB bootloader in particular.”
        ….

        More info over on Bleeping Computer

        5 users thanked author for this post.
      • #2347802
        DrBonzo
        AskWoody Plus

        Here’s a link with more info for Ubuntu.

        https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass2021

        Seems that at least for some of the flaws an attacker needs physical access to the computer.

        2 users thanked author for this post.
      • #2348100
        firemind
        AskWoody Lounger

        Security update(s) for Mint should take a few days if things go as usual. Some are just from Ubuntu and some get processed further for Mint. Not sure what the grub one will be.

      • #2348212
        Charlie
        AskWoody Plus

        It may not be anything for me to be so worried about but – the last time I did a no. 4 grub2 update, along with a couple of no. 1 security updates, my computer wouldn’t boot the next day.  It was a nasty mess and I eventually decided to just re-install the Linux Mint 19.1 and start over.  Things have been fine since then.  I still have the grub2 software update PC/Bios version 2.02 ubuntu 8.21 dated Jan. 7, 2021 sitting in my update manager because I’m afraid to try installing it again.

        I currently have grub2 version 2.02 ubuntu 8.9 installed.  The new one (8.21) is a software update so I’m wondering how important it is, or if it’s needed to do any of these new 117 grub2 patches.  Will a Timeshift restore point be good enough or do I need a full backup?  Please pardon me for my bad case of shell shock when it comes to grub2.

        • #2348287
          Ascaris
          AskWoody_MVP

          Timeshift should be sufficient. Without knowing what the potential issue will be, there’s no way to say for sure.

          Even if you were to have a recurrence of the past disaster, it’s quote likely fixable without reinstalling Mint. For things like that, I use the Super Grub 2 Disk [sic], which is actually written to a USB thumb drive rather than an actual disc. You can boot that using the boot override menu, then have it detect boot options. Find your operating system in the list of results and hit enter, and it should boot. If not, try again, and use another option!

          Once you are in Mint, you can do a sudo grub-install /dev/sda (substitute your drive name for sda if that isn’t it. The ‘disks’ program from Mint will show you all of the info you need.

          After the install-grub, it might be good to then do a sudo update-grub too.  I am not sure if you need both, but it won’t hurt.

          After that, it should boot the next time.

           

          Group "L" (KDE Neon Linux 5.21.4 User Edition)

          1 user thanked author for this post.
      • #2348233
        anonymous
        Guest

        ? says:

        hi Charlie,

        from DrB’s post above i see this comment:

        Because Secure Boot does not apply to BIOS based boot environments, we will not be publishing updates for GRUB2 on those systems.

        so, please relax and keep on enjoying your minty fresh linuxride.

        ps, your network settings\ISP router setup could be causing your boottime fails.

        1 user thanked author for this post.
      • #2348264
        Paul T
        AskWoody MVP

        ps, your network settings\ISP router setup could be causing your boottime fails.

        How so?
        Details please.

        cheers, Paul

      • #2348310
        anonymous
        Guest

        ? says:

        hi Charlie,

        i gave a brief explaination in my first post; however, it got flagged as spam for one reason or another. if you run netstat -atuop via terminal you will see a udp line with bootpc (udp        0      0 *:bootpc                *:*                                 1390/dhclient    off (0.00/0/0). when you are booting the machine connects to the mothership just like in windows. if you look in dmesg or syslog you will see the networking part kick in near the end of the boot sequence. on my machine if the network is not ready it gets stuck in a loop and after a few tries fails out requiring a second try which usually brings me to a correct desktop. i use either REISUB or the power button depending on how far along the failing boot got in order to get back into the groove. in my case i blame the gateway because a quick router reboot will usually set things straight…

        1 user thanked author for this post.
      • #2348357
        Charlie
        AskWoody Plus

        I run my Linux Mint on a 2007 Sony VAIO that has the old standard BIOS so I’m a bit more relieved now that it looks like I won’t need these “Secure boot” updates.  Also, it’s just me at home and I don’t have a network.

      • #2349424
        anonymous
        Guest

        I have Secure Boot disabled on one laptop that’s dual booting Windows 10/1909 Home with Linux Mint 20.0(HWE Kernel 5.8) and that’s because my Laptop’s Realtek WiFi card come with an Out of Kernel Tree open source driver that’s no loaded if Secure Boot is enabled. So I have not gotten around to re-installing that driver with Secure Boot enabled to get offered that Driver Self Key Signing option as when Installing Linux on that laptop I did that all with Secure Boot disabled, for Obvious Reasons just in case.

        Whenever I Boot into Windows 10/1909 home(usually for KB Patching) I just make a side trip though the BIOS/UEFI Setup menu and re-enable Secure Boot, and I’m rarely using the laptop online when Booted into Windows! But the the Distro Maintainers for Mint are good at getting that and whatever comes from upstream from the Ubuntu base offered via Mint’s update manager.

        I really want to get an Intel WiFi Card anyways and a Samsung M.2 NVMe SSD to replace that laptop’s WD Black M.2 SSD that does not play nicely with Linux without some Grub2 Environment Variable addition added to the “Quiet  Slash” entry on the Grub2 boot loader. I really do not place mush value in Secure Boot anyways for Linux as that’s not normally root access all of the time anyways and any instillation requiring an password for that.

         

         

        • #2349459
          Ascaris
          AskWoody_MVP

          I really want to get an Intel WiFi Card anyways and a Samsung M.2 NVMe SSD to replace that laptop’s WD Black M.2 SSD that does not play nicely with Linux without some Grub2 Environment Variable addition added to the “Quiet Slash” entry on the Grub2 boot loader.

          I can confirm that the Intel AX200 wifi-6 and Samsung 970 Evo work nicely with no extra steps needed in my Dell G3! Kernel parameters in and of themselves should not be a problem, though. I’ve had pretty long strings of them, though now it’s down to a few beyond the standard ones for Ubuntu and related.

          Group "L" (KDE Neon Linux 5.21.4 User Edition)

    Viewing 8 reply threads

    Please follow the -Lounge Rules- no personal attacks, no swearing, no politics or religion.

    Reply To: 117 patches for GRUB2

    You can use BBCodes to format your content.
    Your account can't use Advanced BBCodes, they will be stripped before saving.