Grub2 updates for Red Hat systems are making some unbootable

Posted Jul 31, 2020 15:52 UTC (Fri) by jhhaller (guest, #56103)
Parent article: Grub2 updates for Red Hat systems are making some unbootable

Does installation media need to up updated to include newly signed components? Once dbxtool for a distribution has been updated, and the UEFI revocation list rejects older grub2 or shims, one needs an installation media with the newer grub2/shims, or a re-installed system won't boot without disabling secure boot, unless I'm missing something. Are there signs of installation media/ISO being reissued with these patches? It looks like RedHat OpenShift/CoreOS is only being distributed with new boot images, but haven't seen evidence of updated installation media for the rest of RedHat so far. System rescue images are also likely to need updating. It looks like Debian 10.5 will be issued with these patches, so at least it's installation and live media will be available on August 1.

Also check your BIOS vendor, at least HP (not to be confused with HPE) has reported that a BIOS update is required for some of their models before installing the new revocation list.

Grub2 updates for Red Hat systems are making some unbootable

Posted Jul 31, 2020 21:06 UTC (Fri) by amacater (subscriber, #790) [Link]

https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot... is a well written page by someone I trust - debian-cd lead, someone who understand UEFI inside out from his time at ARM and someone who has been instrumental in the last couple of weeks in getting this stuff sorted.

Grub2 updates for Red Hat systems are making some unbootable

Posted Aug 1, 2020 15:08 UTC (Sat) by xnox (guest, #63320) [Link]

That is correct that everyone needs to push out installation & recovery media signed with new keys before pushing out dbx update.

Ubuntu is making 20.04 LTS, 18.04 LTS, 16.04 LTS point releases for that reason. Once they are out dbx update will be pushed out.