Date: Sun, 20 Sep 2020 03:53:10 +0200 From: Ralf Mardorf <ralf-mardorf@riseup.net> To: freebsd-questions@freebsd.org Subject: Re: Dual-booting/triple-booting FreeBSD under UEFI Message-ID: <20200920035310.72276666@archlinux> In-Reply-To: <20200919180814.00005391@seibercom.net> References: <DB8PR06MB64421AFD5B11F7674E48CBAAF63C0@DB8PR06MB6442.eurprd06.prod.outlook.com> <20200919180814.00005391@seibercom.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 19 Sep 2020 18:08:14 -0400, Jerry wrote: >https://www.zdnet.com/article/boothole-attack-impacts-windows-and-linux-systems-using-grub2-and-secure-boot/ In the beginning all major distros are using GRUB2... "Currently, GRUB2 is used as the primary bootloader for all major Linux distros" ...and it ends with all distros using it... "The company estimates that every Linux distribution is impacted by this vulnerability, as all use GRUB2 bootloaders" ...Fear, uncertainty, and doubt! Actually Arch Linux is a major distro... https://distrowatch.com/dwres.php?resource=major ...with no default boot loader at all... "In order to boot Arch Linux, a Linux-capable boot loader must be set up." - https://wiki.archlinux.org/index.php/Arch_boot_process How about syslinux? https://wiki.archlinux.org/index.php/Syslinux Btw. I don't understand why somebody wants to boot FreeBSD or Linux with UEFI Secure Boot enabled. As a lot of Linux users I'm using syslinux for a Linux multi-boot desktop PC, giving the choice to boot different major distros. It's probably accurate to claim that most user-friendly (if not all user-friendly) distros default to GRUB2, but likely many, if not all of them provide alternative boot loaders, too. FWIW Arch Linux provides software to audit installed packages against known vulnerabilities, this includes the bootloader packages, too. If a hook doesn't already run the audit tool automatically when updating packages, it alternatively could run by a package manager wrapper script. arch-audit An utility like pkg-audit based on Arch CVE Monitoring Team data pacaudit This package audits installed packages against known vulnerabilities. pkg-audit audit installed packages against known vulnerabilities Actually most, if not all major distros provide information about known vulnerabilities: https://wiki.archlinux.org/index.php/Arch_Security_Team#Tracking_and_publishing https://wiki.archlinux.org/index.php/Arch_Security_Team#Other_distributions A business technology news website spreading inaccurate news isn't required to get informed about known vulnerabilities.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20200920035310.72276666>