Skip to content

UEFI Boot Loader Is Not Installed On Removeable Media

An XCCDF Rule

Description

The system must not allow removable media to be used as the boot loader. Remove alternate methods of booting the system from removable media. usb0, cd, fd0, etc. are some examples of removeable media which should not exist in the lines:

set root='hd0,msdos1'

Rationale

Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader.

ID
xccdf_org.ssgproject.content_rule_uefi_no_removeable_media
Severity
Medium
References
Updated