On Thu, Aug 3, 2017 at 5:21 PM, Chris Murphy <lists(a)colorremedies.com> wrote:
security@ and security-team@ have no meaningful activity in at least
the last 6 months so I'm posting this here.
Have you tried something as simple as reaching out to the maintainer of grub2?
> grub2 incorrectly initialises the boot_params from the kernel image
> The gist is that the bug means the kernel can't determine UEFI secure
> boot state, considers it not enabled, resulting in the kernel not
> enabling certain checks it otherwise does when it knows secure boot is
> enabled. Ergo, users who have secure boot enabled are not getting the
> full benefit of secure boot, and this fallback is pretty much silent
> (you'd have to be looking at kernel messages to know you're not
> Fedora 26 has grub2-2.02-0.40.fc26.x86_64 which contains the fix. It
> was proposed as a blocker bug, bug was rejected because it doesn't
> have a formal security evaluation.
> However, Fedora 24 didn't get the fix before going EOL. And Fedora 25
> and Rawhide both still have this problem. And I think it needs
> Chris Murphy
> devel mailing list -- devel(a)lists.fedoraproject.org
> To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org