Huge #security #vulnerability in #Linux systems allows an #attacker with #PhysicalAccess to #bypass #SecureBoot and inject #malware onto a system even with #LUKS #FDE.
The mitigation is pretty straight-forward.
For #Ubuntu at-least (I don't run RedHat/ Fedora):
Edit /etc/default/grub
as root
.
In the line that says GRUB_CMDLINE_LINUX="..."
, add (or append) panic=0
.
Followed by: sudo update-grub
. (Takes effect on reboot).
This will prevent your Linux system from launching a #DebugShell if an attacker repeatedly enters a wrong passphrase for decrypting your Luks #boot #volume.
The linked article has more information.
https://cybernews.com/security/hackers-can-bypass-linux-secure-boot/