Bug#990447: Similar problems
On 2/1/23 23:31, Pascal Hambourg wrote:
On 02/02/2023 at 00:33, Phil Dibowitz wrote:
And I've run `grub-install` with my EFI dir mounted. What's
interesting is the version in EFI is different than the version staged
by the package:
```
# sum /usr/lib/shim/shimx64.efi /boot/EFI/EFI/debian/shimx64.efi
47979 918 /usr/lib/shim/shimx64.efi
36147 913 /boot/EFI/EFI/debian/shimx64.efi
```
You must compare with /usr/lib/shim/shimx64.efi.signed from shim-signed.
Ah, thanks. At least I know I did the grub-install right:
```
$ sum /usr/lib/shim/shimx64.efi.signed /boot/EFI/EFI/debian/shimx64.efi
36147 913 /usr/lib/shim/shimx64.efi.signed
36147 913 /boot/EFI/EFI/debian/shimx64.efi
```
So I guess that means that the shimx64.efi that's distributed with
shim-signed is, in fact, vulnerable, as proposed in the original bug.
Any timeline on updating it?
--
Phil Dibowitz phil@ipom.com
Open Source software and tech docs Insanity Palace of Metallica
http://www.phildev.net/ http://www.ipom.com/
"Be who you are and say what you feel, because those who mind don't
matter and those who matter don't mind."
- Dr. Seuss
Reply to: