Red Hat and CentOS systems aren’t booting due to BootHole patches

(arstechnica.com)

Patches were intended to close a newly discovered vulnerability in the GRUB2 boot manager called BootHole. The vulnerability itself left a method for system attackers to potentially install "bootkit" malware on a Linux system despite that system being protected with UEFI Secure Boot.

Unfortunately, Red Hat's patch to GRUB2 and the kernel, once applied, is leaving patched systems unbootable. The issue is confirmed to affect RHEL 7.8 and RHEL 8.2, and it may affect RHEL 8.1 and 7.9 as well. RHEL-derivative distribution CentOS is also affected.

Oops. Also, the statement “the vulnerability itself left a method for system attackers to potentially install "bootkit" malware on a Linux system despite that system being protected with UEFI Secure Boot” is incomplete. You don’t need to have Linux on the system to install a bootkit. Any Windows-powered machine with the option to boot from an optical disc or USB device would also be susceptible. This is why Microsoft also has patches in place for this issue, as a bunch of boot certificates need to be invalidated …