Together We Sink or Swim: Plugging the BootHole

Logo
Presented by

J. Michael, Principal Researcher, Eclypsium; D. Kiper, Software Eng., Oracle; C. Coulson, Sr Software Eng., Canonical

About this talk

In modern PC-based platforms, UEFI Secure Boot is used to protect the integrity of the boot process by ensuring that only authorized code is allowed to run during this critical time. If unauthorized code can run during the boot process, the operating system itself and the security guarantees it tries to provide can no longer be trusted. In April 2020, a security vulnerability in the GRUB2 bootloader allowing arbitrary code execution was disclosed to the GRUB2 maintainers and a number of other affected parties. Although the fix to the code itself was simple, only one line, complications with both the UEFI Secure Boot implementation and ecosystem necessitated a complex, industry-wide mitigation effort. Revocation, new shim review process, additional vulnerabilities found and fixed, and more. We'll discuss the problems we encountered and overcame as well as areas for future improvement from the perspective of the security researchers, the GRUB upstream maintainers, and the Linux distributions. Join the Ubuntu Masters telegram channel to connect with Ubuntu product managers, engineers and other attendees! https://t.me/joinchat/JOsc1hzTAhbAfjBX1fsqLA
Related topics:

More from this channel

Upcoming talks (2)
On-demand talks (434)
Subscribers (170534)
Get the most in depth information about the Ubuntu technology and services from Canonical. Learn why Ubuntu is the preferred Linux platform and how Canonical can help you make the most out of your Ubuntu environment.