That Ubuntu "let's make GRUB more secure by forcing a ton of use cases onto an unsecure path" is some specious BS.

tychotithonus@infosec.exchange

Ubuntu 26.10 Looks To Strip Its GRUB Bootloader To The Bare Minimum For Better Security

Ubuntu developers at Canonical are looking to strip the signed GRUB bootloader features to the bare minimum for the Ubuntu 26.10 release later this year

(www.phoronix.com)

xabean@infosec.exchange

@tychotithonus wow holy shit they want to remove LUKS support from GRUB based on their (IMO misguided) preference of doing LUKS from an initrd. I hate that design pattern, but I guess they have their reasons. Personally my linux laptops that are FDE encrypted are *completely* encrypted and boot leveraging GRUB's LUKS support. It's unusual, but I believe more resilient to bad shit.

jrconlin@mindof.jrconlin.com

@tychotithonus

Ripping out all of these GRUB features would basically mandate that most Ubuntu 26.10+ installations are done with the /boot partition being done on a raw EXT4 partition.

wat?

fritzadalis@infosec.exchange

@tychotithonus
I used to have an irrational hatred for Ubuntu. I really appreciate that they've taken steps to provide multiple solid reasons.

CIRCLE WITH A DOT

That Ubuntu "let's make GRUB more secure by forcing a ton of use cases onto an unsecure path" is some specious BS.

Ubuntu 26.10 Looks To Strip Its GRUB Bootloader To The Bare Minimum For Better Security

Ubuntu 26.10 Looks To Strip Its GRUB Bootloader To The Bare Minimum For Better Security

Ubuntu 26.10 Looks To Strip Its GRUB Bootloader To The Bare Minimum For Better Security

Ubuntu 26.10 Looks To Strip Its GRUB Bootloader To The Bare Minimum For Better Security