Es a grub update nem old meg semmit, attol a regi grub alairasa valid marad amig a disztrok nem allnak at uj certre es revokoljak a regit a biosbol a userek.
Idézet a linkelt Red Hat oldalról:
Remediation
Red Hat recommends all customers to update their grub2 packages. Red Hat customers using Secure Boot need to update kernel, fwupdate, fwupd, shim and dbxtool packages containing newly validated keys and certificates.
Users running Secure Boot with Red Hat Enterprise Linux 8 need to take additional steps to boot into previously released RHEL 8 kernels after applying the grub2 package updates. See the RHEL 8 section below for more details.
...
Red Hat Enterprise Linux 8
Due to hardening within the kernel, which is released as part of these updates, previous Red Hat Enterprise Linux 8 kernel versions have not been added to shim’s allow list. If you are running with Secure Boot enabled, and the user needs to boot to an older kernel version, its hash must be manually enrolled into the trust list.
Valamint:
Viszont van fizikai hozzaferesed a gephez, akkor amugy is at tudod allitani a biost
Simán lehet root hozzáférésed a rendszerhez (akár legálisan, akár egy privilege escalation vulnerabilityn keresztül), miközben a bios-hoz nincs hozzáférésed.