Insecure Boot: Injecting initramfs from a debug shell
For many popular Linux distributions, the debug shell can be reliably triggered if an incorrect password for the encrypted root partition is entered multiple times. From there, an attacker can modify the initramfs and inject malicious hooks that are executed the next time the victim boots and unlocks the system.
Originally published on Insinuator.net:
3 July 2025.