see url:
https://arstechnica.com/gadgets/2020/07/red-hat-and-centos-systems-arent-booting-due-to-boothole-patches/
Don't panic...don't panic...especially if you use Ubuntu Linux...I am at
the moment eating my fingernails up to my elbows. I thought you might
like me sharing such thoughts with you...There is nuffink wrong with a
bit of grub...but grub2...I dunno...;-)
And UEFI secure boot...what on earth is that...is that wot gave me
trouble with my virtual operating system manager....
Quote<<<
Well, you can't be vulnerable to BootHole if you can't boot your system.
Early this morning, an urgent bug showed up at Red Hat's bugzilla bug
tracker—a user discovered that the RHSA-2020:3216 grub2 security update
and RHSA-2020:3218 kernel security update rendered an RHEL 8.2 system
unbootable. The bug was reported as reproducible on any clean minimal
install of Red Hat Enterprise Linux 8.2.
The patches were intended to close a newly discovered vulnerability in
the GRUB2 boot manager called BootHole. The vulnerability itself left a
method for system attackers to potentially install "bootkit" malware on
a Linux system despite that system being protected with UEFI Secure Boot.
RHEL and CentOS
Unfortunately, Red Hat's patch to GRUB2 and the kernel, once applied,
are leaving patched systems unbootable. The issue is confirmed to affect
RHEL 7.8 and RHEL 8.2, and it may affect RHEL 8.1 and 7.9 as well.
RHEL-derivative distribution CentOS is also affected.
Red Hat is currently advising users not to apply the GRUB2 security
patches (RHSA-2020:3216 or RHSA-2020:3217) until these issues have been
resolved. If you administer a RHEL or CentOS system and believe you may
have installed these patches, do not reboot your system. Downgrade the
affected packages using sudo yum downgrade shim\* grub2\* mokutil and
configure yum not to upgrade those packages by temporarily adding
exclude=grub2* shim* mokutil to /etc/yum.conf.
If you've already applied the patches and attempted (and failed) to
reboot, boot from an RHEL or CentOS DVD in Troubleshooting mode, set up
the network, then perform the same steps outlined above in order to
restore functionality to your system.
Other distributions
Although the bug was first reported in Red Hat Enterprise Linux,
apparently related bug reports are rolling in from other distributions
from different families as well. Ubuntu and Debian users are reporting
systems which cannot boot after installing GRUB2 updates, and Canonical
has issued an advisory including instructions for recovery on affected
systems.
Although the impact of the GRUB2 bug is similar, the scope may be
different from distribution to distribution; so far it appears the
Debian/Ubuntu GRUB2 bug is only affecting systems which boot in BIOS
(not UEFI) mode. A fix has already been committed to Ubuntu's proposed
repository, tested, and released to its updates repository. The updated
and released packages, grub2 (2.02~beta2-36ubuntu3.27) xenial and grub2
(2.04-1ubuntu26.2) focal, should resolve the problem for Ubuntu users.
For Debian users, the fix is available in newly committed package grub2
(2.02+dfsg1-20+deb10u2).
We do not have any word at this time about flaws in or impact of GRUB2
BootHole patches on other distributions such as Arch, Gentoo, or Clear
Linux.
>>>End of Quote
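
The temporary yum hold described in the quoted article, as an added example that is not part of the original post or the article: it adds the three patterns to exclude= in the [main] section of a yum.conf without duplicating or losing existing entries, and removes only those patterns again later. The function names and the file-path argument are assumptions of this example; the patterns are the ones quoted above.

```bash
#!/usr/bin/env bash
# Added example: hold back, and later release, the boot-chain packages in yum.conf.
# PINS holds the patterns quoted in the article; the function names and the
# file-path argument are assumptions of this example.
PINS='grub2* shim* mokutil'

# pin_boot_packages FILE: ensure exclude= in [main] lists every pattern (idempotent).
pin_boot_packages() {
    local conf=$1 tmp rc
    tmp=$(mktemp) || return 1
    awk -v pins="$PINS" '
        function merged(cur,    n, i, p) {
            gsub(/[ \t,]+/, " ", cur); sub(/ $/, "", cur)
            n = split(pins, p, " ")
            for (i = 1; i <= n; i++)
                if (index(" " cur " ", " " p[i] " ") == 0)
                    cur = cur (cur == "" ? "" : " ") p[i]
            return cur
        }
        /^\[/ { if (in_main && !done) { print "exclude=" merged(""); done = 1 }
                in_main = ($0 == "[main]") }
        in_main && /^exclude[ \t]*=/ {
            sub(/^exclude[ \t]*=[ \t]*/, ""); print "exclude=" merged($0); done = 1; next }
        { print }
        END { if (!done) { if (!in_main) print "[main]"; print "exclude=" merged("") } }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?; rm -f "$tmp"; return "$rc"
}

# unpin_boot_packages FILE: drop only those patterns once fixed packages are out.
unpin_boot_packages() {
    local conf=$1 tmp rc
    tmp=$(mktemp) || return 1
    awk -v pins="$PINS" '
        /^\[/ { in_main = ($0 == "[main]") }
        in_main && /^exclude[ \t]*=/ {
            sub(/^exclude[ \t]*=[ \t]*/, ""); gsub(/,/, " ")
            n = split($0, cur, " "); out = ""
            for (i = 1; i <= n; i++)
                if (index(" " pins " ", " " cur[i] " ") == 0)
                    out = out (out == "" ? "" : " ") cur[i]
            if (out != "") print "exclude=" out
            next }
        { print }
    ' "$conf" > "$tmp" && cat "$tmp" > "$conf"
    rc=$?; rm -f "$tmp"; return "$rc"
}
```

Run it against a copy of /etc/yum.conf first and compare the result with diff before replacing the live file.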