GRUB2 EFI Support In Fedora 31 Likely To Include New Security Modules

Written by Michael Larabel in Fedora on 26 March 2019 at 12:26 AM EDT. 24 Comments
FEDORA
Another change being sought for Fedora 31 is including some newer GRUB2 modules as part of the distribution's GRUB EFI boot-loader build to provide some additional security functionality.

Peter Jones and Javier Martinez Canillas, both of Red Hat, are looking to have Fedora 31's GRUB2 EFI package include the verify, cryptodisk, and LUKS modules. This inclusion is being pursued since those using UEFI SecureBoot cannot manually insert modules not already in the grubx64.efi and thus losing out on these possible options for improving the integrity of the early-launch code.

"This change will allow users to gain trust in the integrity of early-launch code either through verification of signatures (particularly useful for initramfs, which is particularly vulnerable to possible offline modification) or encryption of the boot partition." More details on the plans via this change proposal.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week