88
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 25 Mar 2026
88 points (100.0% liked)
Linux
12991 readers
301 users here now
A community for everything relating to the GNU/Linux operating system (except the memes!)
Also, check out:
Original icon base courtesy of lewing@isc.tamu.edu and The GIMP
founded 2 years ago
MODERATORS
The simpler the arbitrary string/blob parsing logic the less this happens
https://app.opencve.io/cve/?product=grub2&vendor=gnu
I agree with you that it'd be nice if the cuts were a little shallower and allowed for an encrypted boot partition, but you could still have the system reasonably secure by encrypting the data partitions and signing the entire boot process to detect and abort decryption if the boot partition doesn't match signatures. You already have to do this with the efi partition if you're particularly paranoid about that attack vector, so this really isn't a new one.