Thursday, August 13, 2020

Red Hat and CentOS systems aren’t booting due to BootHole patches

from the cure-is-worse-than-the-disease dept —

Well, you can’t be vulnerable to BootHole if you can’t boot your system.



Security updates intended to patch the BootHole UEFI vulnerability are rendering some Linux systems unable to boot at all.

Early this morning, an urgent bug showed up at Red Hat’s bugzilla bug tracker—a user discovered that the RHSA-2020:3216 grub2 security update and RHSA-2020:3218 kernel security update rendered an RHEL 8.2 system unbootable. The bug was reported as reproducible on any clean minimal install of Red Hat Enterprise Linux 8.2.

The patches were intended to close a newly discovered vulnerability in the GRUB2 boot manager called BootHole. The vulnerability gave attackers a way to potentially install “bootkit” malware on a Linux system even though that system was protected with UEFI Secure Boot.

RHEL and CentOS

Unfortunately, Red Hat’s patches to GRUB2 and the kernel, once applied, are leaving patched systems unbootable. The issue is confirmed to affect RHEL 7.8 and RHEL 8.2, and it may affect RHEL 8.1 and 7.9 as well. RHEL-derivative distribution CentOS is also affected.

Red Hat is currently advising users not to apply the GRUB2 security patches (RHSA-2020:3216 or RHSA-2020:3217) until these issues have been resolved. If you administer a RHEL or CentOS system and believe you may have installed these patches, do not reboot your system. Downgrade the affected packages using sudo yum downgrade shim* grub2* mokutil and configure yum not to upgrade those packages by temporarily adding exclude=grub2* shim* mokutil to /etc/yum.conf.

If you’ve already applied the patches and attempted (and failed) to reboot, boot from an RHEL or CentOS DVD in Troubleshooting mode, set up the network, then perform the same steps outlined above in order to restore functionality to your system.
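The temporary yum.conf pin described above, as an added shell example that is not from the original article or from Red Hat. The function names are hypothetical, the sample config is constructed, and the code assumes the file has a [main] section; extending an existing exclude= line instead of adding a second one is a choice made here.

```shell
#!/bin/sh
# Added example. Real target per the article: /etc/yum.conf, edited as root
# after the "yum downgrade" step. The demo below only touches a temp file.
PIN='grub2* shim* mokutil'   # patterns quoted from the article text

# pin_boot_packages FILE: hold the boot packages back, idempotently.
pin_boot_packages() {
    conf=$1
    # Already pinned: nothing to do.
    if grep -q '^exclude=.*grub2\* shim\* mokutil' "$conf"; then
        return 0
    fi
    # Assumption: the option belongs in [main]; refuse to guess otherwise.
    grep -q '^\[main\]' "$conf" || return 2
    tmp=$(mktemp) || return 1
    if grep -q '^exclude=' "$conf"; then
        # An exclude line exists: extend it rather than add a second one.
        sed "s/^exclude=.*/& $PIN/" "$conf" > "$tmp"
    else
        # No exclude line yet: insert one directly under the [main] header.
        awk -v pin="$PIN" '{ print } /^\[main\]/ { print "exclude=" pin }' \
            "$conf" > "$tmp"
    fi
    # Overwrite in place so the file keeps its owner and mode.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# unpin_boot_packages FILE: undo the pin once fixed packages are released.
unpin_boot_packages() {
    conf=$1
    tmp=$(mktemp) || return 1
    # Strip the patterns; drop the exclude line if nothing else is left on it.
    sed -e '/^exclude=/s/ \{0,1\}grub2\* shim\* mokutil//' \
        -e '/^exclude=$/d' "$conf" > "$tmp"
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

demo() {
    f=$(mktemp) || return 1
    printf '[main]\ngpgcheck=1\n' > "$f"   # constructed sample config
    pin_boot_packages "$f"
    pin_boot_packages "$f"                 # second call is a no-op
    cat "$f"
    rm -f "$f"
}
demo
```

Removing the pin matters as much as adding it: a forgotten exclude line would also block the corrected grub2 and shim packages.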

Other distributions

Although the bug was first reported in Red Hat Enterprise Linux, apparently related bug reports are rolling in from other distributions from different families as well. Ubuntu and Debian users are reporting systems which cannot boot after installing GRUB2 updates, and Canonical has issued an advisory including instructions for recovery on affected systems.

Although the impact of the GRUB2 bug is similar, the scope may be different from distribution to distribution; so far it appears the Debian/Ubuntu GRUB2 bug is only affecting systems which boot in BIOS (not UEFI) mode. A fix has already been committed to Ubuntu’s proposed repository, tested, and released to its updates repository. The updated and released packages, grub2 (2.02~beta2-36ubuntu3.27) xenial and grub2 (2.04-1ubuntu26.2) focal, should resolve the problem for Ubuntu users.

For Debian users, the fix is available in newly committed package grub2 (2.02+dfsg1-20+deb10u2).

We do not have any word at this time about flaws in or impact of GRUB2 BootHole patches on other distributions such as Arch, Gentoo, or Clear Linux.
