Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
veganism.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Veganism Social is a welcoming space on the internet for vegans to connect and engage with the broader decentralized social media community.

Administered by:

Server stats:

296
active users

veganism.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.0-alpha.5

#SecureBoot

2 posts2 participants0 posts today
#cryptohagen<p>Microsoft has a signing key that many <a href="https://social.data.coop/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> distributions use to support <a href="https://social.data.coop/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecureBoot</span></a>, and that key expire on September 11, 2025</p><p>A replacement key has existed since 2023, but apparently - many systems don’t support it yet</p><p>Fixing this problem requires firmware updates from original equipment manufacturers (OEM) but there is a risk that not all OEMs will issue updates - especially those for older, or less popular devices<br><a href="https://www.techradar.com/pro/security/linux-users-are-about-to-face-another-major-microsoft-secure-boot-issue" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">techradar.com/pro/security/lin</span><span class="invisible">ux-users-are-about-to-face-another-major-microsoft-secure-boot-issue</span></a></p>
Roy Charles<p>Microsoft's Secure Boot UEFI bootloader signing key expires in September, posing problems for Linux users | Tom's Hardware <a href="https://share.google/XlR8PGt8llWqrf5j4" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">share.google/XlR8PGt8llWqrf5j4</span><span class="invisible"></span></a> <br><a href="https://mastodon.social/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tech</span></a> <a href="https://mastodon.social/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> <a href="https://mastodon.social/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> <a href="https://mastodon.social/tags/secureboot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secureboot</span></a></p>
HowToPhil (Phillip R)<p><a href="https://mastodon.social/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecureBoot</span></a> is about corporate control of your personal property. It was never about anything else. Anyone who buys the bullshit they tell you about it making your computer safer is a fool</p>
Larvitz :fedora: :redhat:<p>System Security (ThinkPad T14s Gen4 AMD Ryzen)</p><p>- Untainted Kernel in Lockdown mode<br>- Secure boot active with modern signature<br>- All modern security features active<br>- Full-Disk-Encryption with key on physical SmartCard from <span class="h-card" translate="no"><a href="https://social.nitrokey.com/@nitrokey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nitrokey</span></a></span>)</p><p>(With modern UEFI CA, because of the upcoming key replacement: <a href="https://burningboard.net/@Larvitz/114884582215696742" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">burningboard.net/@Larvitz/1148</span><span class="invisible">84582215696742</span></a>)</p><p><a href="https://burningboard.net/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://burningboard.net/tags/fwupd" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fwupd</span></a> <a href="https://burningboard.net/tags/thinkpad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>thinkpad</span></a> <a href="https://burningboard.net/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://burningboard.net/tags/secureboot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secureboot</span></a></p>
Christoph Schmees<p><span class="h-card" translate="no"><a href="https://burningboard.net/@Larvitz" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Larvitz</span></a></span> </p><p>So what? Switch SB off and you're done. SB was invented by M$ to mitigate design faults in UEFI and in Windows. Linux doesn't need it. </p><p><a href="https://social.tchncs.de/tags/secureboot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secureboot</span></a> <a href="https://social.tchncs.de/tags/microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>microsoft</span></a> <a href="https://social.tchncs.de/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://social.tchncs.de/tags/uefi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>uefi</span></a></p>
Public *
Larvitz :fedora: :redhat:

Some Linux users might be interested, reading about this (Subscriber link, that bypasses the Paywall, since I find this information important to spread for awareness):

lwn.net/SubscriberLink/1029767

„Linux users who have Secure Boot enabled on their systems knowingly or unknowingly rely on a key from Microsoft that is set to expire in September. After that point, Microsoft will no longer use that key to sign the shim first-stage UEFI bootloader that is used by Linux distributions to boot the kernel with Secure Boot. But the replacement key, which has been available since 2023, may not be installed on many systems; worse yet, it may require the hardware vendor to issue an update for the system firmware, which may or may not happen.“

LWN.netLinux and Secure Boot certificate expirationLinux users who have Secure Boot enabled on their systems knowingly or unknowingly rely on a ke [...]
#linux#secureboot#microsoft
Public
N-gated Hacker News

🎉 #Linux users are in for a surprise party on Microsoft's terms—turns out your Secure Boot relies on good ol' Bill Gates' blessing, which is expiring soon 🕒. Who knew the Linux community's favorite pastime was waiting for #Microsoft to decide when their systems will no longer boot! 🚀🔐
lwn.net/SubscriberLink/1029767 #SecureBoot #SurpriseParty #TechNews #HackerNews #ngated

LWN.netLinux and Secure Boot certificate expirationLinux users who have Secure Boot enabled on their systems knowingly or unknowingly rely on a ke [...]
Public *
Anarchadyksabled / Anarchodéglingouinax

Coucou,

j'ai récup à la poubelle un hp élite d'entreprise sous windows 11, que j'aimerais évidemment passer sur debian, sauf qu'il y a un mot de passe sur le bios qui m'empêche d'y accéder, et vu que j'ai récup l'ordi à la schlague je peux pas contacter le constructeur. Le bios est uniquement accessible via windows, c'est protégé via hp secure boot.

Quelles pistes pour virer le mot de passe et booter sur ma clé d'installation la linuxteam ?

J'ai vu la possibilité de démonter l'ordi et enlever la batterie de la carte mère mais j'ai vu des avis divergents sur cette technique.

#Linux#Debian#BIOS
Continued thread
Public
Linux Guides

Wollt Ihr euren Rechner vor unerlaubtem Zugriff schützen, ist die Festplattenverschlüsselung um einiges effektiver.
Solange Ihr bspw. kein Journalist in einem falschen Land/etc. seid, ist SecureBoot meines Erachtens sowieso nicht nützlich. Und wenn doch, dann seid Ihr mit Tails-Linux besser dran :)

#linux #opensource #secureboot

(2/2)

VegansExploreLive feeds
About