this post was submitted on 23 Jul 2025
89 points (94.1% liked)

Linux

8723 readers
410 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
89
Microsoft's Secure Boot UEFI bootloader signing key expires in September, posing problems for Linux users (www.tomshardware.com)
submitted 1 week ago by cm0002@programming.dev to c/linux@programming.dev
14 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] the_riviera_kid@lemmy.world 19 points 1 week ago (7 children)

Not if you disable it, "secure boot" is a joke anyway.

[–] Badabinski@kbin.earth 27 points 1 week ago (4 children)

I mean, Secure Boot does actually help defend against evil maid attacks if paired with FDE. Someone can't just fuck with your /boot (CVE-2016-4484 nonwithstanding) to do naughty things with your system if you have Secure Boot enabled. Does that fit with most people's threat model? I dunno, probably not. It does actually do something useful though.

My work computer has it enabled and I feel better for it. The issue described in the article is easily dealt with if you just keep up with your firmware updates using fwupd.

[–] sylver_dragon@lemmy.world 1 points 1 week ago (1 children)

Ya, Secure Boot is really only useful for corporate devices or very specific people who might actually be targeted by state level attackers. For most of us, it's not worth the hassle.

[–] noxypaws@pawb.social 4 points 1 week ago

we are all currently being surveiled by state level attackers.

load more comments (2 replies)
load more comments (4 replies)