- cross-posted to:
- [email protected]
- cross-posted to:
- [email protected]
Linux users who have Secure Boot enabled on their systems knowingly or unknowingly rely on a key from Microsoft that is set to expire in September. After that point, Microsoft will no longer use that key to sign the shim first-stage UEFI bootloader that is used by Linux distributions to boot the kernel with Secure Boot. But the replacement key, which has been available since 2023, may not be installed on many systems; worse yet, it may require the hardware vendor to issue an update for the system firmware, which may or may not happen. It seems that the vast majority of systems will not be lost in the shuffle, but it may require extra work from distributors and users.
IMO, keep an rss feed of your vendors firmware updates being released on their website or periodically check it yourself. As soon as its released, go ahead and install it. If you want to be cautious, maybe give it a week or two to make sure they dont pull the update due to issues with that particular release.
Even better, if the manufacturer offers a utility to keep updates installed, just run that periodically.
I haven’t discovered any manufacturer’s RSS feed. Is that a common thing?
No idea. You can use something like jackett to generate an RSS feed for you if they dont have one.
Maybe they have a newsletter for updates, or a registration card, social media account, or maybe a security team that announces security updates.
All im suggesting is look into how your manufacturer announces these updates and actively listen to that communication.
Gotcha. 👍