It’s a vulnerability that affects secure boot through grub. MS is the interested party in patching it because they’re the ones selling secure boot certifications. It doesn’t surprise me a bit if the open source community is not interested in patching secure boot holes.
They’re not selling anything, they’ve signed the shim loader in collaboration with the Linux community, which then takes control. The shim (the part printing the error message everyone is reporting) didn’t get an update, nor a new signature, because it didn’t need one. It was designed so that distros can compile and run Grub without having to go through the certification process.
Grub was patched two years ago to not execute code at ring 0 when a funky font file gets placed on the boot drive. If you don’t care about that, just disable secure boot entirely and the message goes away.
It’s a vulnerability that affects secure boot through grub. MS is the interested party in patching it because they’re the ones selling secure boot certifications. It doesn’t surprise me a bit if the open source community is not interested in patching secure boot holes.
They’re not selling anything, they’ve signed the shim loader in collaboration with the Linux community, which then takes control. The shim (the part printing the error message everyone is reporting) didn’t get an update, nor a new signature, because it didn’t need one. It was designed so that distros can compile and run Grub without having to go through the certification process.
Grub was patched two years ago to not execute code at ring 0 when a funky font file gets placed on the boot drive. If you don’t care about that, just disable secure boot entirely and the message goes away.