Most recent grub2 updates rendering some systems unbootable

the intent here isn’t to fear-, scare-monger or bait clicks. it is just to remind folks to backup their systems before updating. especially since these are most often presented with other regular package updates. apparently what started out as only affecting red hat has also now done so with some ubuntu and debian (among others) systems.

i have seen the updates on both of my ubuntu 18.04-based systems. i have not applied them yet. i did apply the update on an debian 10.4 vm that was upgrading to 10.5 and did so without bricking.

4 Likes

Yep, can copy that.
I ran into this a few days ago on one of my machines.
Updated, shut down, and the next morning I was greeted with the “GRUB Rescue” shell…

Boot Repair Disc fixed it for me, but I didn’t let GRUb be updated on my other machines since…

3 Likes

i am glad to hear you were able to recover your system. my further reading seemed to suggest the issue only affected systems installed in uefi mode. do you mind my asking if yours was installed that way?

because i found it in my reading i figured i would add this. ubuntu suggests a method to recover a system that was adversely affected by booting into a live usb and then using chroot to revert grub the the previous version. it starts about the middle of the page in a section titled “Recovery”: https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass

3 Likes

Hi all,

The info posted here (see link above) suggests that a fix is now available.

USN-4432-1 fixed vulnerabilities in GRUB2 affecting Secure Boot
environments. Unfortunately, the update introduced regressions for
some BIOS systems (either pre-UEFI or UEFI configured in Legacy mode),
preventing them from successfully booting. This update addresses
the issue.

Greetings.
Rosika :slightly_smiling_face:

2 Likes

Sorry, for this (too late) answer to your question.
No the affected system is a legacy boot system.

But glad to see, that the community has already addressed the issue and there is a fix for it.

2 Likes