If you've already applied the patches and attempted (and failed) to reboot, boot from an RHEL or CentOS DVD in Troubleshooting mode, set up the network, then perform the downgrade steps that follow in order to restore functionality to your system. Downgrade the affected packages using sudo yum downgrade shim\* grub2\* mokutil and configure yum not to upgrade those packages by temporarily adding exclude=grub2* shim* mokutil to /etc/yum.conf. If you administer a RHEL or CentOS system and believe you may have installed these patches, do not reboot your system. Red Hat is currently advising users not to apply the GRUB2 security patches (RHSA-2020:3216 or RHSA-2020:3217) until these issues have been resolved. The RHEL-derivative distribution CentOS is also affected. The issue is confirmed to affect RHEL 7.8 and RHEL 8.2, and it may affect RHEL 8.1 and 7.9 as well.
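The temporary yum hold described above, as an added shell example that is not part of the original article or Red Hat's tooling. The function names are hypothetical, and the script assumes the [main] section of yum.conf lists excludes on a single space-separated exclude= line; it extends an exclude= line that is already there and later removes only the three hold patterns.

```shell
#!/bin/sh
# Added example, not Red Hat's tooling. Function names are hypothetical.
HOLD_PATTERNS='grub2* shim* mokutil'   # patterns quoted in the article

# Rewrite CONF in place through awk program $2, keeping owner, mode and context.
rewrite_conf() {
    tmp=$(mktemp) || return 1
    awk -v pats="$HOLD_PATTERNS" "$2" "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?; rm -f "$tmp"; return $rc
}

# Add the hold to [main]; an existing exclude= line is extended, not duplicated.
hold_boot_pkgs() {
    grep -q '^\[main\]' "$1" || return 1
    rewrite_conf "$1" '
        function merged(cur,   n, i, p) {
            n = split(pats, p, " ")
            for (i = 1; i <= n; i++)
                if (!index(" " cur " ", " " p[i] " ")) cur = cur (cur == "" ? "" : " ") p[i]
            return cur
        }
        /^\[/ { if (in_main && !done) { print "exclude=" merged(""); done = 1 }
                in_main = ($0 == "[main]") }
        in_main && /^exclude[ \t]*=/ {
            sub(/^exclude[ \t]*=[ \t]*/, ""); print "exclude=" merged($0); done = 1; next }
        { print }
        END { if (in_main && !done) print "exclude=" merged("") }'
}

# Remove only the hold patterns; other excludes on the line are preserved.
release_boot_pkgs() {
    rewrite_conf "$1" '
        BEGIN { n = split(pats, p, " "); for (i = 1; i <= n; i++) drop[p[i]] = 1 }
        /^\[/ { in_main = ($0 == "[main]") }
        in_main && /^exclude[ \t]*=/ {
            sub(/^exclude[ \t]*=[ \t]*/, ""); m = split($0, cur, /[ \t]+/); out = ""
            for (i = 1; i <= m; i++)
                if (cur[i] != "" && !(cur[i] in drop)) out = out (out == "" ? "" : " ") cur[i]
            if (out != "") print "exclude=" out
            next
        }
        { print }'
}
```

Try both functions on a copy of /etc/yum.conf before touching the live file; hold_boot_pkgs returns non-zero and changes nothing if the file has no [main] section.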
Unfortunately, Red Hat's patches to GRUB2 and the kernel, once applied, are leaving patched systems unbootable.
The vulnerability itself left a method for system attackers to potentially install "bootkit" malware on a Linux system despite that system being protected with UEFI Secure Boot. The patches were intended to close a newly discovered vulnerability in the GRUB2 boot manager called BootHole.