How to stop hacking… before the OS starts up

The latest bug to strike before the operating system starts up has received the nickname “Boothole” and Eclypsium researchers, Mickey Shkatov and Jesse Michael, discovered the flaw. 

Boothole affects the integrity of the boot-up process itself, allowing hackers to execute code that runs the next time a device starts. And can happen even with Secure Boot enabled. Eclypsium found the vulnerability in the GRUB2 bootloader that most Linux systems use.

Worse is that the flaw affects systems using Secure Boot, even if they are not using GRUB2. Almost all signed versions of GRUB2 are vulnerable, meaning it affects virtually every Linux distribution. GRUB2 also supports other operating systems, kernels and hypervisors such as Xen. 

share