
Red Hat and CentOS systems do not boot due to BootHole patches

Security updates to patch the BootHole UEFI vulnerability cause some Linux systems to fail to boot at all.

Early in the morning, an urgent bug appeared in Red Hat's Bugzilla bug tracker. One user found that the grub2 security update RHSA-2020:3216 and the kernel security update RHSA-2020:3218 left an RHEL 8.2 system unable to boot. The bug was reported as reproducible on every clean minimal installation of Red Hat Enterprise Linux 8.2.

The patches were meant to address BootHole, a newly discovered vulnerability in the GRUB2 boot manager. The vulnerability gives attackers the ability to potentially install "bootkit" malware on a Linux system even when that system is protected with UEFI Secure Boot.

RHEL and CentOS

Unfortunately, Red Hat's patches to GRUB2 and the kernel leave patched systems unbootable once they are applied. The issue has been confirmed to affect RHEL 7.8 and RHEL 8.2, and may also affect RHEL 8.1 and 7.9. CentOS, the RHEL-derived distribution, is also affected.

Red Hat is currently advising users not to apply the GRUB2 security patches (RHSA-2020:3216 or RHSA-2020:3217) until these issues are resolved. If you manage a RHEL or CentOS system and believe you have installed these patches, do not restart your system. Downgrade the affected packages with the command sudo yum downgrade shim* grub2* mokutil, and configure yum not to update these packages by temporarily adding the line exclude=grub2* shim* mokutil to /etc/yum.conf.

If you've already applied the patches and tried (and failed) to reboot, boot from an RHEL or CentOS DVD in troubleshooting mode, set up the network, and follow the steps above to restore your system to functionality.
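
The temporary yum.conf exclusion described above has to be added once and removed again when fixed packages ship, without disturbing exclusions that are already configured. The script below is an added example, not code from Red Hat or the original article; the function names hold_boot_pkgs and release_boot_pkgs are hypothetical, and it assumes the file has a [main] section and that exclude values are separated by spaces or commas.

```shell
#!/bin/sh
# Added example, not from the article. Assumptions: the file has a [main]
# section (a stock /etc/yum.conf does) and exclude= values are separated by
# spaces or commas.
HOLD_PKGS='grub2* shim* mokutil'   # patterns exactly as the article lists them

# _edit FILE PROGRAM: run awk PROGRAM over FILE and copy the result back.
# cat (rather than mv) keeps the owner and mode of the original file.
_edit() {
    tmp=$(mktemp) || return 1
    if awk -v pkgs="$HOLD_PKGS" "$2" "$1" > "$tmp"; then cat "$tmp" > "$1"; rc=$?
    else rc=1; fi
    rm -f "$tmp"; return "$rc"
}

# hold_boot_pkgs FILE: make sure [main] excludes every pattern in HOLD_PKGS,
# extending an existing exclude= line instead of adding a second one.
hold_boot_pkgs() {
    _edit "$1" '
    function add_line() { if (in_main && !done) { print "exclude=" pkgs; done = 1 } }
    /^\[/ { add_line(); in_main = ($0 == "[main]") }
    in_main && !done && /^exclude[ \t]*=/ {
        val = $0; sub(/^exclude[ \t]*=[ \t]*/, "", val); gsub(/,/, " ", val)
        n = split(pkgs, want, " ")
        for (i = 1; i <= n; i++)
            if (index(" " val " ", " " want[i] " ") == 0)
                val = (val == "" ? want[i] : val " " want[i])
        print "exclude=" val; done = 1; next
    }
    { print }
    END { add_line() }'
}

# release_boot_pkgs FILE: drop only the HOLD_PKGS patterns from [main] once a
# fixed update is out; other exclusions stay, an emptied line is removed.
release_boot_pkgs() {
    _edit "$1" '
    /^\[/ { in_main = ($0 == "[main]") }
    in_main && /^exclude[ \t]*=/ {
        val = $0; sub(/^exclude[ \t]*=[ \t]*/, "", val); gsub(/,/, " ", val)
        n = split(val, have, " "); out = ""
        for (i = 1; i <= n; i++)
            if (index(" " pkgs " ", " " have[i] " ") == 0)
                out = (out == "" ? have[i] : out " " have[i])
        if (out != "") print "exclude=" out
        next
    }
    { print }'
}
```

Run hold_boot_pkgs /etc/yum.conf as root after the downgrade, and release_boot_pkgs /etc/yum.conf once the issue is resolved.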

Other distributions

Although the bug was first reported in Red Hat Enterprise Linux, related bug reports are also coming in from other distributions in different families. Ubuntu and Debian users are reporting systems that cannot boot after installing GRUB2 updates, and Canonical has issued a notice with instructions on how to recover affected systems.

Although the effects of the GRUB2 bug are similar, the scope can vary from distribution to distribution. So far, the Debian/Ubuntu GRUB2 bug only affects systems that boot in BIOS mode (not in UEFI mode). Ubuntu's fix has already landed in its proposed repository, been tested, and been released to its updates repository. The updated and published packages, grub2 (2.02~beta2-36ubuntu3.27) xenial and grub2 (2.04-1ubuntu26.2) focal, should solve the problem for Ubuntu users.

For Debian users, the fix is available in a newly committed package grub2 (2.02+dfsg1-20+deb10u2).

We currently have no word on bugs or effects of GRUB2 BootHole patches on other distributions such as Arch, Gentoo or Clear Linux.
