Red Hat and CentOS systems aren’t booting due to BootHole patches
Well, you can’t be vulnerable to BootHole if you can’t boot your system. …
reader comments
126 with 75 posters participating, including story author
Early this morning, an urgent bug showed up at Red Hat’s bugzilla bug tracker—a user discovered that the RHSA_2020:3216 grub2 security update and RHSA-2020:3218 kernel security update rendered an RHEL 8.2 system unbootable. The bug was reported as reproducible on any clean minimal install of Red Hat Enterprise Linux 8.2.
The patches were intended to close a newly discovered vulnerability in the GRUB2 boot manager called BootHole. The vulnerability itself left a method for system attackers to potentially install “bootkit” malware on a Linux system despite that system being protected with UEFI Secure Boot.
RHEL and CentOS
Unfortunately, Red Hat’s patch to GRUB2 and the kernel, once applied, are leaving patched systems unbootable. The issue is confirmed to affect RHEL 7.8 and RHEL 8.2, and it may affect RHEL 8.1 and 7.9 as well. RHEL-derivative distribution CentOS is also affected.
Red Hat is currently advising users not to apply the GRUB2 security patches (RHSA-2020:3216 or RHSA-2020:3217) until these issues have been resolved. If you administer a RHEL or CentOS system and believe you may have installed these patches, do not reboot your system. Downgrade the affected packages using sudo yum downgrade shim* grub2* mokutil
and configure yum
not to upgrade those packages by temporarily adding exclude=grub2* shim* mokutil
to /etc/yum.conf
.
If you’ve already applied the patches and attempted (and failed) to reboot, boot from
Continue reading – Article source