George E. 🇺🇸♥🇺🇦🇵🇸🏳️🌈🏳️⚧️<p>Huge <a href="https://bofh.social/tags/security" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://bofh.social/tags/vulnerability" rel="nofollow noopener noreferrer" target="_blank">#vulnerability</a> in <a href="https://bofh.social/tags/Linux" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> systems allows an <a href="https://bofh.social/tags/attacker" rel="nofollow noopener noreferrer" target="_blank">#attacker</a> with <a href="https://bofh.social/tags/PhysicalAccess" rel="nofollow noopener noreferrer" target="_blank">#PhysicalAccess</a> to <a href="https://bofh.social/tags/bypass" rel="nofollow noopener noreferrer" target="_blank">#bypass</a> <a href="https://bofh.social/tags/SecureBoot" rel="nofollow noopener noreferrer" target="_blank">#SecureBoot</a> and inject <a href="https://bofh.social/tags/malware" rel="nofollow noopener noreferrer" target="_blank">#malware</a> onto a system even with <a href="https://bofh.social/tags/LUKS" rel="nofollow noopener noreferrer" target="_blank">#LUKS</a> <a href="https://bofh.social/tags/FDE" rel="nofollow noopener noreferrer" target="_blank">#FDE</a><span>.<br><br>The mitigation is pretty straightforward.<br><br>For </span><a href="https://bofh.social/tags/Ubuntu" rel="nofollow noopener noreferrer" target="_blank">#Ubuntu</a><span> at least (I don't run Red Hat/Fedora):<br><br>Edit </span><code>/etc/default/grub</code> as <code>root</code><span>.<br><br>In the line that says </span><code>GRUB_CMDLINE_LINUX="..."</code>, add (or append) <code>panic=0</code><span>.<br><br>Followed by: </span><code>sudo update-grub</code><span>. 
(Takes effect on reboot).<br><br>This will prevent your Linux system from launching a </span><a href="https://bofh.social/tags/DebugShell" rel="nofollow noopener noreferrer" target="_blank">#DebugShell</a> if an attacker repeatedly enters a wrong passphrase for decrypting your LUKS <a href="https://bofh.social/tags/boot" rel="nofollow noopener noreferrer" target="_blank">#boot</a> <a href="https://bofh.social/tags/volume" rel="nofollow noopener noreferrer" target="_blank">#volume</a><span>.<br><br>The linked article has more information.<br><br></span><a href="https://cybernews.com/security/hackers-can-bypass-linux-secure-boot/" rel="nofollow noopener noreferrer" target="_blank">https://cybernews.com/security/hackers-can-bypass-linux-secure-boot/</a></p>
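The edit described in the post, as an added example that is not part of the original post: a shell helper that sets `panic=0` in `GRUB_CMDLINE_LINUX` idempotently and checks the result. The function names are made up here, and it assumes the double-quoted `GRUB_CMDLINE_LINUX="..."` form the post shows.

```shell
#!/bin/sh
# Added example (not from the post). Assumes the double-quoted form
# GRUB_CMDLINE_LINUX="..." shown in the post; function names are made up here.

# Succeed if GRUB_CMDLINE_LINUX in file $1 carries the exact token panic=0.
# If the variable is assigned more than once, the last assignment wins.
grub_has_panic0() {
    awk '
    /^GRUB_CMDLINE_LINUX="/ {
        val = $0; found = 0
        sub(/^GRUB_CMDLINE_LINUX="/, "", val); sub(/".*$/, "", val)
        n = split(val, tok)
        for (i = 1; i <= n; i++) if (tok[i] == "panic=0") found = 1
    }
    END { exit(found ? 0 : 1) }' "$1"
}

# Rewrite file $1 so GRUB_CMDLINE_LINUX ends with exactly one panic=0.
# Any other panic=N value is dropped, other variables are left alone,
# and the original is saved as $1.bak only when a change is made.
# Returns 2 if the file has no GRUB_CMDLINE_LINUX="..." line.
ensure_panic0() {
    _f=$1
    grep -q '^GRUB_CMDLINE_LINUX="' "$_f" || return 2
    _tmp=$(mktemp) || return 1
    awk '
    /^GRUB_CMDLINE_LINUX="/ {
        val = $0; out = ""
        sub(/^GRUB_CMDLINE_LINUX="/, "", val); sub(/".*$/, "", val)
        n = split(val, tok)
        for (i = 1; i <= n; i++)
            if (tok[i] !~ /^panic=/) out = out tok[i] " "
        print "GRUB_CMDLINE_LINUX=\"" out "panic=0\""
        next
    }
    { print }' "$_f" > "$_tmp" || { rm -f "$_tmp"; return 1; }
    if cmp -s "$_f" "$_tmp"; then
        rm -f "$_tmp"            # already correct: leave the file untouched
        return 0
    fi
    cp -p "$_f" "$_f.bak" &&
        cat "$_tmp" > "$_f"      # overwrite in place to keep owner and mode
    _rc=$?
    rm -f "$_tmp"
    return "$_rc"
}
```

Run `ensure_panic0 /etc/default/grub` as root, then `sudo update-grub` as in the post; `grub_has_panic0 /etc/default/grub` confirms the setting afterwards.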