←back to thread

Microsoft reports several bootloader vulnerabilities

(www.microsoft.com)
91 points hacknslack | 1 comments | 31 Mar 25 18:25 UTC | HN request time: 0.001s | source
Show context
usr1106 ◴[04 Apr 25 05:58 UTC] No.43578790[source]
That grub has security vulnerabities does not surprise me, it's just too big. That's why Lennart recommends systemd-boot. (Incidently a Microsoft employee, but I have no information that he would have been involved in these discoveries.) U-boot again is typical embedded software, a field generally known more for hacks than strict programming practices. So I cannot say I would be shocked. That said, I would be surprised if systemd-boot or Microsoft's loader had zero vulnerabilities hiding somewhere.

When does Microsoft open their source for searching vulnerabilities?

replies(2): >>43578845 #>>43579521 #
FirmwareBurner ◴[04 Apr 25 06:10 UTC] No.43578845[source]
>That's why Lennart recommends systemd-boot.

The creator of SystemD recommends systemd-boot? Seems legit and unbiased.

replies(2): >>43579341 #>>43579686 #
onli ◴[04 Apr 25 07:39 UTC] No.43579341[source]
Yeah, and because grub is too big. Says systemd, of all places.
replies(2): >>43579442 #>>43587543 #
jonathanstrange ◴[04 Apr 25 08:00 UTC] No.43579442[source]
Pulseaudio still doesn't work reliably.
replies(1): >>43579527 #
bayindirh ◴[04 Apr 25 08:13 UTC] No.43579527[source]
I think Pipewire has completely replaced Pulseaudio where it matters.
replies(1): >>43579663 #
1. ahartmetz ◴[04 Apr 25 08:31 UTC] No.43579663[source]
Yes, PulseAudio works great since it's actually PipeWire.