From owner-freebsd-questions@freebsd.org Sun Sep 20 02:24:15 2020 Return-Path: Delivered-To: freebsd-questions@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id A20573F7425 for ; Sun, 20 Sep 2020 02:24:15 +0000 (UTC) (envelope-from ralf-mardorf@riseup.net) Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4BvBGQ5jsQz3bSw for ; Sun, 20 Sep 2020 02:24:14 +0000 (UTC) (envelope-from ralf-mardorf@riseup.net) Received: from bell.riseup.net (bell-pn.riseup.net [10.0.1.178]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "Sectigo RSA Domain Validation Secure Server CA" (not verified)) by mx1.riseup.net (Postfix) with ESMTPS id 4BvBGN70GXzFdqM for ; Sat, 19 Sep 2020 19:24:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1600568653; bh=7VrFmqYk6EqwaGDAjF91Mfoykyojl4yTyatryuUtpcA=; h=Date:From:To:Subject:In-Reply-To:References:From; b=mKA46YgDK2dsIWiLIaTadtTxqVw1NpB0wlLGShPxSlbo208j82IWFzmtkJSJW8C24 2xJZHrjyiPyufTxFZMTbIcny22b92FtPtMoR2ke7OO0pBTut2L9YIH/N6E199myGgG o2xxHjL+s3OsFHdnaW2yvvxy4XJaENm9/g7YXxdQ= X-Riseup-User-ID: 9E101708724AA3280B98B0985ED4B5CFBF6F9AE51BB148F0655EFDDD8C189D2B Received: from [127.0.0.1] (localhost [127.0.0.1]) by bell.riseup.net (Postfix) with ESMTPSA id 4BvBGN2XXhzJn6J for ; Sat, 19 Sep 2020 19:24:12 -0700 (PDT) Date: Sun, 20 Sep 2020 04:24:14 +0200 From: Ralf Mardorf To: freebsd-questions@freebsd.org Subject: Re: Dual-booting/triple-booting FreeBSD under UEFI Message-ID: <20200920042414.7d396bc1@archlinux> In-Reply-To: <20200920035310.72276666@archlinux> References: <20200919180814.00005391@seibercom.net> <20200920035310.72276666@archlinux> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4BvBGQ5jsQz3bSw X-Spamd-Bar: ---- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=riseup.net header.s=squak header.b=mKA46YgD; dmarc=pass (policy=none) header.from=riseup.net; spf=pass (mx1.freebsd.org: domain of ralf-mardorf@riseup.net designates 198.252.153.129 as permitted sender) smtp.mailfrom=ralf-mardorf@riseup.net X-Spamd-Result: default: False [-4.38 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[riseup.net:s=squak]; NEURAL_HAM_MEDIUM(-1.00)[-0.996]; FROM_HAS_DN(0.00)[]; RWL_MAILSPIKE_GOOD(0.00)[198.252.153.129:from]; TO_MATCH_ENVRCPT_ALL(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; PREVIOUSLY_DELIVERED(0.00)[freebsd-questions@freebsd.org]; RCPT_COUNT_ONE(0.00)[1]; DWL_DNSWL_LOW(-1.00)[riseup.net:dkim]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[riseup.net:+]; DMARC_POLICY_ALLOW(-0.50)[riseup.net,none]; NEURAL_HAM_SHORT(-0.72)[-0.717]; NEURAL_HAM_LONG(-1.07)[-1.070]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; MID_RHS_NOT_FQDN(0.50)[]; ASN(0.00)[asn:16652, ipnet:198.252.153.0/24, country:US]; RCVD_TLS_ALL(0.00)[]; MAILMAN_DEST(0.00)[freebsd-questions]; RCVD_IN_DNSWL_LOW(-0.10)[198.252.153.129:from] X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 20 Sep 2020 02:24:15 -0000 PS: "Anyway, look for CVE-2020-10713 patches in future changelogs." - https://www.zdnet.com/article/boothole-attack-impacts-windows-and-linux-systems-using-grub2-and-secure-boot/ Probably the most user-friendly and likely less security hardened Linux distro provides this information: "Jesse Michael and Mickey Shkatov discovered that the configuration parser in GRUB2 did not properly exit when errors were discovered, resulting in heap-based buffer overflows. A local attacker could use this to execute arbitrary code and bypass UEFI Secure Boot restrictions. (CVE-2020-10713) [snip] The problem can be corrected by updating your system to the following package versions:" - https://ubuntu.com/security/notices/USN-4432-1 No need to read a changelog or security notices in the first place, this issue is fixed (most likely not only for Ubuntu ;).