Stories
Slash Boxes
Comments

SoylentNews is people

Red Hat and CentOS Systems Aren’t Booting Due to BootHole Patches

posted by chromas on Saturday August 01 2020, @12:44AM   Printer-friendly
from the do-you-have-update-for-my-boothole? dept.

upstart writes in with an IRC submission for carny:

Red Hat and CentOS systems aren’t booting due to BootHole patches:

Early this morning, an urgent bug showed up at Red Hat's bugzilla bug tracker—a user discovered that the RHSA_2020:3216 grub2 security update and RHSA-2020:3218 kernel security update rendered an RHEL 8.2 system unbootable.

[...] The patches were intended to close a newly discovered vulnerability in the GRUB2 boot manager called BootHole.

[...] Unfortunately, Red Hat's patch to GRUB2 and the kernel, once applied, are leaving patched systems unbootable. The issue is confirmed to affect RHEL 7.8 and RHEL 8.2, and it may affect RHEL 8.1 and 7.9 as well. RHEL-derivative distribution CentOS is also affected.

Red Hat is currently advising users not to apply the GRUB2 security patches (RHSA-2020:3216 or RHSA-2020:3217) until these issues have been resolved.

Ubuntu and Debian are also apparently affected.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Red Hat and CentOS Systems Aren’t Booting Due to BootHole Patches | Log In/Create an Account | Top | 96 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Informative) by Subsentient on Saturday August 01 2020, @07:14AM (3 children)

    by Subsentient (1111) on Saturday August 01 2020, @07:14AM (#1029674) Homepage Journal

    I'd just use SYSLINUX, it can handle all the important stuff like that. I've used it for many years, it supports both BIOS and EFI. It's tiny and efficient. LILO is pretty dated.

    Here's my entire config file for EFI on a little FAT32 partition:

    default boot
    label boot
    prompt 1
    timeout 100

    kernel /vmlinuz ro root=LABEL=ZoroFS biosdevname=0 net.ifnames=0 rootwait mem_encrypt=off
    initrd /initramfs.img

    --
    "It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 0) by Anonymous Coward on Saturday August 01 2020, @09:27AM

    by Anonymous Coward on Saturday August 01 2020, @09:27AM (#1029705)

    Syslinux is a great example of doing one thing and doing it well. The problem with it is that it is limited to loading from the same partition or chain loading boot records. The usual solution is to put it on the ESP like most UEFI loaders, stubs, etc. these days. Personally, I like other alternatives but you won't see me insulting that one.

    Fun fact: if your setup isn't too crazy, Linux can boot itself now.

  • (Score: 4, Interesting) by digitalaudiorock on Saturday August 01 2020, @12:15PM

    by digitalaudiorock (688) on Saturday August 01 2020, @12:15PM (#1029742) Journal

    +1000 to this. Under Gentoo when I updated from grub 1 to grub 2 and saw that over-engineered cluster fuck with the generated config, I moved to syslinux with it's nice simply config as God intended.

    There's a MASSIVE trend away from KISS principles everywhere in favor of some perverse idea that nothing simple can possibly be good. I think it's too many programmers who grew up coding for Windows.

  • (Score: 0) by Anonymous Coward on Saturday August 01 2020, @11:35PM

    by Anonymous Coward on Saturday August 01 2020, @11:35PM (#1030070)

    Yes to syslinux. It works for live usb keys also which is what I use for internet access.