Boothole attacks

For discussions about security.

Boothole attacks

Post by Wiz57 »

Interesting read, something to keep in mind perhaps?
https://www.zdnet.com/article/boothole- ... cure-boot/

Signature available upon request


Re: Boothole attacks

Post by greengeek »

My gut feel is that all UEFI hardware should be avoided - in favour of XP or Vista era hardware. Is that a fair summation of the impact of this bug?

Re: Boothole attacks

Post by bigpup »

This is a boot loader issue.

What hardware is used is not the problem.
Any hardware is going to be affected.

Seems the UEFI security features are not that good.
This seems to be able to bypass what UEFI is supposed to provide for security.

Forum Global Moderator
The things you do not tell us, are usually the clue to fixing the problem.
When I was a kid, I wanted to be older.
This is not what I expected :o

user1111

Re: Boothole attacks

Post by user1111 »

I run legacy (grub4dos) and automatically check the MBR, grldr, vmlinuz, initrd and main sfs at bootup along the lines of the code in this posting http://murga-linux.com/puppy/viewtopic. ... 56#1021156

Re: Boothole attacks

Post by greengeek »

bigpup wrote: Sun Sep 20, 2020 5:07 pm
> This is a boot loader issue.
>
> What hardware is used is not the problem.
> Any hardware is going to be affected.
>
> Seems the UEFI security features are not that good.
> This seems to be able to bypass what UEFI is supposed to provide for security.

But bigpup - my point was that pre-UEFI hardware won't have any of the UEFI security features so doesn't that mean that XP and Vista era PCs would be immune?
(since no one would use grub2 for those systems)

Re: Boothole attacks

Post by bigpup »

The operating system and what boot loader is used by it is the issue.

So do not install Grub2 as the boot loader.

Main line Linux OS installer programs use Grub2.
But will their installers let you choose not to automatically install a boot loader, so you can do a separate install, using some other boot loader.

Puppy can use Grub4dos boot loader that uses a menu.lst file the way Grub2 uses grub.cfg.
It will boot Puppy on legacy bios computers.

But Grub4dos is not coded to boot on UEFI computers in normal UEFI setup with secure boot enabled.

Enable legacy boot or enable CSM, disable secure boot, and the UEFI bios is working like old style bios.
Grub4dos boot loader can now be used to boot that UEFI setup.
However, some UEFI computers will not boot from internal drives with UEFI setup this way.
Should boot from USB, SD card, CD/DVD, external drives.
Version of the UEFI determines what it needs.

Grub2 is the only boot loader I know about that can boot UEFI setup normal.
And it still needs a Puppy security key to boot Puppy, because enabled secure boot looks for an OS security key.



Re: Boothole attacks

Post by rcrsn51 »

If someone gets access to your grub.cfg file and plants something malicious in it, they could just as easily do the same thing to a menu.lst.
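
An added example (not code from this thread or from the linked post) of the kind of boot-time check user1111 describes, with menu.lst included in the checked files because of rcrsn51's point about the config file. The baseline location, the file names and the choice to hash only the first 440 bytes of the MBR are assumptions.

```shell
#!/bin/sh
# Added example, not the script from the linked post. Paths and file names
# are assumptions; adjust them to your own install.
BASELINE=${BASELINE:-/mnt/usbkey/boot.sha256}   # hypothetical; keep it off the boot drive

# Hash only the first 440 bytes of the disk (the MBR boot code), so that a
# legitimate partition-table change does not raise an alarm.
mbr_hash() {
    dd if="$1" bs=440 count=1 2>/dev/null | sha256sum | cut -d' ' -f1
}

# Print one "hash  name" line for the MBR and for each named boot file.
boot_manifest() {
    disk=$1; dir=$2; shift 2
    printf '%s  MBR\n' "$(mbr_hash "$disk")"
    for f in "$@"; do
        if [ -f "$dir/$f" ]; then
            printf '%s  %s\n' "$(sha256sum < "$dir/$f" | cut -d' ' -f1)" "$f"
        else
            printf 'MISSING  %s\n' "$f"
        fi
    done
}

# Print the names whose current "hash  name" line is not in the baseline.
# Returns 0 = all match, 1 = something changed, 2 = no usable baseline
# (a missing baseline must fail closed, not pass silently).
boot_verify() {
    baseline=$1; shift
    [ -s "$baseline" ] || { echo "NO-BASELINE"; return 2; }
    changed=$(boot_manifest "$@" | grep -vxF -f "$baseline" | sed 's/^[^ ]*  //')
    [ -z "$changed" ] && return 0
    printf '%s\n' "$changed"
    return 1
}

# Usage: bootcheck.sh init|verify DISK BOOTDIR FILE...
case "${1:-}" in
    init)   shift; boot_manifest "$@" > "$BASELINE" ;;
    verify) shift; boot_verify "$BASELINE" "$@" ;;
esac
```

A check like this only reports a change after the fact, and it is only as trustworthy as the baseline file and the script itself, which is why the baseline is assumed to live on separate media.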