- Messages
- 519
- Reactions
- 1,524
A lot of those don't pay enough attention to the fundamentals to really be secure IME, but it's easy to paint with an overwide brush on this. If the bootloader isn't launched by a properly written and signed executable, everything that happens after that, which is almost everything, can't really be secured. That's just one way to break in.
Recently GRUB2 had a serious flaw that would allow more-than-root access to basically any machine that used it. That's all it takes.
Agreed. I also read about that GRUB2 vulnerability a few weeks ago - scary stuff.