Ubuntu 26.10 Looks To Strip Its GRUB Bootloader To The Bare Minimum For Better Security

cm0002@literature.cafe · 10 hours ago

Ubuntu 26.10 Looks To Strip Its GRUB Bootloader To The Bare Minimum For Better Security

altphoto@lemmy.today · 4 hours ago

Well it’s been a good ride. Time to mint.

grue@lemmy.world · 8 hours ago

Ripping out all of these GRUB features would basically mandate that most Ubuntu 26.10+ installations are done with the /boot partition being done on a raw EXT4 partition. Thus no more encrypted boot partition and having to rely on an EXT4 boot partition even if you are a diehard Btrfs / XFS / OpenZFS fan. Or you could opt for the non-signed GRUB bootloader that would be more full-featured albeit lacking Secure Boot and security compliance.

Reducing the signed GRUB builds to the minimum support necessary they feel would “[substantially] improve security”. Users wanting those features back could use the non-signed GRUB builds albeit losing out on UEFI Secure Boot and security support.

How the Hell is any of that supposed to “improve” security? Something is fishy here.

Dran@lemmy.world · 4 hours ago

The simpler the arbitrary string/blob parsing logic the less this happens

https://app.opencve.io/cve/?product=grub2&vendor=gnu

I agree with you that it’d be nice if the cuts were a little shallower and allowed for an encrypted boot partition, but you could still have the system reasonably secure by encrypting the data partitions and signing the entire boot process to detect and abort decryption if the boot partition doesn’t match signatures. You already have to do this with the efi partition if you’re particularly paranoid about that attack vector, so this really isn’t a new one.

muhyb@programming.dev · 8 hours ago

I did the same thing some time ago and installed systemd-boot.

GreenKnight23@lemmy.world · 6 hours ago

bet you’re regretting that with the recent news…

muhyb@programming.dev · 3 hours ago

Actually I’m even using systemd-boot on a systemd-free system as well. As far as I know, while it’s part of systemd, it’s not actually part of the suite. It’s just a bootloader.

TrickDacy@lemmy.world · edit-2 5 hours ago

Why would they exactly? Adding an age field would not likely have any impact on a bootloader. Also I’m not really sure what you reactionaries are thinking will happen. That laws will get passed but Linux as a whole will just refuse to follow the laws? It’s a very incomplete thought process you all are stuck in. If the laws get passed, the entire Linux community is not just going to be able to ignore them.

Clay_pidgin@sh.itjust.works · 4 hours ago

I don’t like the idea on general, but I agree with the developer whose thread I read that suggested systemd was a good place to store the data so we don’t end up with several layers from kernel to distro publisher to DE trying to roll their own.

0x0@lemmy.zip · 10 hours ago

Alternate title: Ubuntu hasn’t discovered LILO.

Dave.@aussie.zone · edit-2 3 hours ago

You mean

LI

Not shown: user staring at a screen that is blank except for those two characters

fruitcantfly@programming.dev · 9 hours ago

It’s probably easier to strip down GRUB, than it is to resurrect and add missing features to a project that has been dead for 10+ years

Victor@lemmy.world · 9 hours ago

How does Canonical make money anyway? It’s been going for like two decades now…

edit-2 9 hours ago

It appears to be mostly commercial or industry support type stuff and licensing fees for servers.

https://medium.com/@bokiko/ubuntu-is-free-but-the-company-behind-it-made-292-million-last-year-213c3ab5351a

xSikes@feddit.online · 8 hours ago

Ubuntu Pro is a big one. FIPS 140-3 compliance for enterprise and gov/defense