Re: grub2 security problem

To: debian-user@lists.debian.org
Subject: Re: grub2 security problem
From: David Christensen <dpchrist@holgerdanske.com>
Date: Sat, 19 Dec 2015 20:00:40 -0800
Message-id: <[🔎] 567627E8.9080200@holgerdanske.com>
In-reply-to: <[🔎] 1b7fka2x48.fsf@pfeifferfamily.net>
References: <[🔎] CANc=Sd1=p2WT6k3yFVxMjXGKeP3aat+sPH+WfbUiVXijWk2oSQ@mail.gmail.com> <[🔎] 1b7fka2x48.fsf@pfeifferfamily.net>

On 12/19/2015 08:59 AM, Joe Pfeiffer wrote:

Michael Fothergill <michael.fothergill@googlemail.com> writes:

I noticed some articles suggesting that there is a security problem in
grub2.

E.g.

http://thehackernews.com/2015/12/hack-linux-grub-password.html

Is there any substance to this?


Yes, for the microscopic proportion of people who put a password on
their bootloader in the first place,

+1

(I had never heard of GRUB usernames/ passwords before today. Thatsounds like more of an annoyance than security.)

A good defense against an attacker with physical access is LUKSencryption on all partitions except /boot. Be sure to buy CPU's withAES-NI.

Another, additional, option is self-encrypting drives (SED), which areoperating system agnostic and protect the entire contents of drive withzero CPU overhead.



David

Reply to:

Follow-Ups:
- Re: grub2 security problem
  - From: Anders Andersson <pipatron@gmail.com>
- Re: grub2 security problem
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>

References:
- grub2 security problem
  - From: Michael Fothergill <michael.fothergill@googlemail.com>
- Re: grub2 security problem
  - From: Joe Pfeiffer <pfeiffer@cs.nmsu.edu>

Prev by Date: Re: Intel 82576 Gigabit on Debian 7 slow speed.
Next by Date: Re: AP support for wl driver
Previous by thread: Re: grub2 security problem
Next by thread: Re: grub2 security problem
Index(es):
- Date
- Thread