Hello,
While testing your tool on my Ubuntu 22.0.4 with grub2 2.0.6 installed and dbx updated, the bash script BootHoleDetection.sh says that my system is still vulnerable to the BootHole vulnerability, which may be a false positive.
Reading the code, I find that shim's signing certificate is compared with the revoked certificate on Ubuntu and Debian. Maybe my shim binary is out-of-date, but as long as I make sure that dbx is updated, then a vulnerable grub2 bootloader still cannot load during the boot phase.