After two years of development, the stable release of GNU GRUB 2.06 (Grand Unified Bootloader), a modular multi-platform boot manager, has been presented. GRUB supports a wide range of platforms, including conventional PCs with BIOS, IEEE-1275 platforms (hardware based on PowerPC/SPARC64), EFI systems, RISC-V, hardware based on the MIPS-compatible Loongson 2E processor, Itanium, ARM, ARM64 and ARCS (SGI) systems, and devices using the free Coreboot package.
Main innovations:
- Added support for the SBAT mechanism (UEFI Secure Boot Advanced Targeting), which addresses the problems with revoking certificates used for UEFI Secure Boot. SBAT adds new metadata that is covered by a digital signature and can additionally be included in the lists of permitted or forbidden components for UEFI Secure Boot. On revocation, this metadata makes it possible to manipulate the version numbers of components without regenerating the Secure Boot keys and without producing new signatures.
- Added support for the LUKS2 disk encryption format, which differs from LUKS1 in its simplified key management system, the ability to use large sectors (4096 instead of 512, which reduces the load during decryption), the use of symbolic partition identifiers, and metadata backup tools that can automatically restore the metadata from a copy if damage is detected.
- Support for a short MBR gap has been discontinued (the MBR gap is the area between the MBR and the start of the disk partition; GRUB uses it to store the part of the loader that does not fit into the MBR sector).
- Added support for XSM (Xen Security Modules), which allows defining additional restrictions and permissions for the Xen hypervisor, virtual machines and related resources.
- A lockdown mechanism has been implemented, similar to the corresponding set of restrictions in the Linux kernel. Lockdown blocks possible ways of bypassing UEFI Secure Boot: for example, it prohibits access to some ACPI interfaces and CPU MSR registers, limits the use of DMA for PCI devices, blocks the import of ACPI code from EFI variables, and does not allow manipulation of I/O ports.
- The os-prober utility, which searches for the boot partitions of other operating systems and adds them to the boot menu, is disabled by default.
- Patches prepared by various Linux distributions have been backported.
- The BootHole and BootHole2 vulnerabilities have been fixed.
- Implemented the ability to build using GCC 10 and Clang 10.
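The SBAT item above describes revoking components by version number rather than by re-keying. The following is an added example, not code from GRUB or shim, showing that comparison. It assumes the CSV layout of the public SBAT specification (component, generation, vendor, package, version, URL); the sample data, the `grub.example` component and the function names are constructed for illustration.

```python
import csv
import io

# Constructed sample: CSV metadata a signed binary carries in its .sbat section
# (assumed fields: component, generation, vendor, package, version, url).
SAMPLE_SBAT = """sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
grub,1,Free Software Foundation,grub,2.06,https://www.gnu.org/software/grub/
grub.example,3,Example Distro,grub2,2.06-1,https://distro.example/grub2
"""

# Constructed sample: revocation data giving the minimum accepted generation.
SAMPLE_REVOCATIONS = """sbat,1
grub,2
"""

def parse_generations(text):
    """Return {component: generation} from SBAT-style CSV; reject malformed rows."""
    result = {}
    for row in csv.reader(io.StringIO(text)):
        if not row:
            continue
        if len(row) < 2 or not row[1].strip().isdigit():
            raise ValueError(f"malformed SBAT row: {row!r}")
        result[row[0].strip()] = int(row[1])
    return result

def revoked_components(sbat_text, revocation_text):
    """List (component, have, need) for entries below the required generation."""
    have = parse_generations(sbat_text)
    need = parse_generations(revocation_text)
    return sorted(
        (name, gen, need[name])
        for name, gen in have.items()
        if name in need and gen < need[name]
    )

def is_allowed(sbat_text, revocation_text):
    """Policy assumed in this sketch: refuse binaries with no metadata at all,
    and refuse any binary that has at least one revoked entry."""
    have = parse_generations(sbat_text)
    return bool(have) and not revoked_components(sbat_text, revocation_text)

if __name__ == "__main__":
    for name, gen, minimum in revoked_components(SAMPLE_SBAT, SAMPLE_REVOCATIONS):
        print(f"{name}: generation {gen} < required {minimum} -> refuse to load")
```

Raising the single `grub` number in the revocation data rejects every binary built from an older generation, regardless of which vendor signed it, which is why no key regeneration or re-signing is needed.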
/Media reports.