Grub2 | Secure Boot Bypass and other issues - Update highly recommended

I did reinstall the bootloader (Manjaro GRUB) last year, and no, chroot is not necessary, though it was recommended as a fool-proof way AFAIK.

Did I understand right, this only applies to devices with UEFI? So I don’t have to bother and can go on without reinstalling grub? I don’t dualboot and none of my devices has EFI/UEFI.

These vulnerabilities are meant to circumvent Secure Boot enabled systems. If you’re not using it, your system is vulnerable by default and no update will save you from such attacks.
Installing these grub updates on default Manjaro is pointless unless you have SB with your own keys right now. This entire discussion is hilarious because Manjaro doesn’t support SB out of the box. You can’t mitigate a breach when your door is wide open.

12 Likes

Do we have to reinstall grub now or wait for those security patches to be included within grub?

In addition: some people are saying here we have to chroot to reinstall grub, some are saying we do not have to…
This is confusing to me, as well as reinstalling grub: maybe I am stupid too, but as those security patches are not yet included within grub (I am referring to the beginning of @nightmare-2021 saying there are still pending…), why do we have to reinstall grub now?

You’re right - thanks for the hint.
I’ve changed it in my post.

in case chroot with luks & EFI

OK… maybe I am just stupid. I have read this 4 times now and fail to understand how disabling os-prober is supposed to mitigate this vuln? (Besides that Windows is a virus :smiley: ) Also, don’t you have to have physical access to the PC? If that is the case, I don’t think my wife and daughter are the hacker types. To me this is an overreaction. But maybe I am just missing the point here or missing a piece of information. As for having to chroot to reinstall grub, I reinstall grub every time Windows pukes on the bootloader. Not once have I had to use chroot. The documentation tells you how, but not why.

2 Likes

Case closed :clap:

Could someone explain why there is such a fuss about this? As far as I know, “Secure boot” has to be disabled to be able to install Manjaro anyway? Did that change?

If not: Who gives a shit about security issues that can bypass “Secure boot” if it’s not even enabled on your sys?

This:!!!

What am I missing?

3 Likes

That yesterday’s grub and os-prober update borked my grub. Instead of the normal screen, all I saw was all black and the “Welcome to GRUB” on the center-right of the screen, as if it was peeking through a hole in a black curtain.
I do have dual-boot and the given command fixed the issue.

I’m a bit confused. Why is the new default “security fix” messing with the whole grub screen? Is that normal? Will this be affecting other users with dual boot or is it some anomaly on my side?

First I tried downgrades, didn’t help. So I was about to start a new support topic, then it hit me, I should check announcements and here it was, a lifesaver topic :slight_smile: . Nevertheless, the update messed with my system, which shouldn’t happen.

2 Likes

I totally agree, I had a black screen yesterday when booting, no grub menu. I have used Manjaro for several months but the forum here only for 2 weeks, so I could see the workaround.
But I am thinking of people who use Manjaro but not the forum… very difficult for them.

But now, I am confused about this new announcement.
I do not understand what I am supposed to do:

  1. Do nothing ?
  2. Reinstall grub now ?
  3. Wait for the security patches to be available with a new version of grub in the repo, then reinstalling grub ?
  4. Forget grub and install another bootloader with less issues ?

I guess that I don’t know how to chroot or why to chroot. When I reinstalled grub it said it was successful? I don’t know what luks (disk encryption?) so I don’t have that either. :man_shrugging:

rEFInd life here

1 Like

Is it necessary to use chroot to reinstall grub in EFI?

I am using EFISTUB

No, not at all.

3 Likes

New grub = no os-prober by default → no detection of other OSes → Manjaro Grub thinks there’s only Manjaro installed → no Grub menu shown in accordance with “silent Grub” concept. Enabling os-prober makes Grub menu visible just because now it knows there’s also Windows installed.

1 Like

In brief, nothing. All people who don’t care that someone could access their PC / laptop are free to do nothing. However, all those who use SB to protect their systems against “evil maid”-like attacks should be quite concerned, I guess. If you have corporate / personal secrets stored on your machine and you don’t want someone (criminals / government / competitors) to steal them easily, you’d better update grub and enable Secure Boot protection using your own keys. Along with encryption, of course.

5 Likes

@openminded: Could you please tell me what we have to do exactly?

Updating or reinstalling Grub?
I have the latest Grub package 2.04-21, so it’s up to date, no?

Tell me if I am wrong: now, what I have to do is:

grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=manjaro --recheck
update-grub

Is that right?
In that case, does it mean that all security patches are already included in the Grub version I have (therefore the latest 2.04-21)?

Thank you

Basically you’re right but I do not follow Manjaro’s Grub maintenance (since I don’t use Grub and don’t care about it), so I can’t tell you if they applied all security patches or not. I believe they did, @nightmare-2021 and @philm are good at it. Check this gitlab page and see with your own eyes.

But again, if you don’t have Secure Boot enabled now, then you may do nothing as you might not be that interested in this level of security.

3 Likes
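The recurring question in this thread is whether a given machine boots via UEFI and has Secure Boot enforced. The script below is an added example, not part of any post and not Manjaro's own tooling; it reads the kernel's firmware interface to answer that. The optional root argument and the `SYSFS_ROOT` variable are hypothetical hooks introduced here so the logic can be pointed at a constructed directory tree.

```shell
#!/bin/sh
# Added example: classify a Linux machine for the question asked in this thread.
# The optional root argument (default /sys) is a hypothetical hook so the logic
# can be run against a constructed directory tree instead of the live system.

# GUID of the UEFI global variable namespace that holds SecureBoot.
EFI_GLOBAL_GUID="8be4df61-93ca-11d2-aa0d-00e098032b8c"

# "uefi" when the kernel exposes firmware/efi, otherwise "bios".
boot_mode() {
    if [ -d "${1:-/sys}/firmware/efi" ]; then echo uefi; else echo bios; fi
}

# Prints one of: enabled | disabled | unknown | not-applicable
secure_boot_state() {
    efi="${1:-/sys}/firmware/efi"
    [ -d "$efi" ] || { echo not-applicable; return 0; }
    var="$efi/efivars/SecureBoot-$EFI_GLOBAL_GUID"
    [ -r "$var" ] || { echo unknown; return 0; }
    # efivarfs layout: 4 attribute bytes, then the data (one byte here).
    val=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' \n')
    case "$val" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# One-line verdict matching the cases discussed in the thread.
grub_sb_relevance() {
    case "$(boot_mode "$1"):$(secure_boot_state "$1")" in
        uefi:enabled)  echo "relevant: Secure Boot is enforced, keep GRUB patched" ;;
        uefi:disabled) echo "not-enforced: UEFI boot, Secure Boot is off" ;;
        uefi:*)        echo "undetermined: UEFI boot, Secure Boot state unreadable" ;;
        *)             echo "not-applicable: legacy BIOS boot, no Secure Boot" ;;
    esac
}

grub_sb_relevance "${SYSFS_ROOT:-/sys}"
```

An "undetermined" result usually means efivarfs is not mounted or the variable is not readable by the current user.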