Linux users who have Secure Boot enabled on their systems knowingly or unknowingly rely on a ke [...]

Linux users who have Secure Boot enabled on their systems knowingly or unknowingly rely on a key from Microsoft that is set to expire in September. After that point, Microsoft will no longer use that key to sign the shim first-stage UEFI bootloader that is used by Linux distributions to boot the kernel with Secure Boot. But the replacement key, which has been available since 2023, may not be installed on many systems; worse yet, it may require the hardware vendor to issue an update for the system firmware, which may or may not happen. It seems that the vast majority of systems will not be lost in the shuffle, but it may require extra work from distributors and users.

  • SkavarSharraddas@gehirneimer.de
    1·
    2 days ago

    Most of the recent(ish) updates are vulnerability fixes (after all, the platform is over eight years old now), and they’ve removed various intermediate versions already or there’d be even more.

    This board has a dual BIOS, the integrated flashing utility by default only flashes the main BIOS, and you have to enable the option to flash the backup explicitly. Never had to use the backup, afaik it activates automatically if booting the main BIOS fails several times.

    My ASUS “only” has a recovery function (flash BIOS from USB stick automatically if bootup fails) and no warning that I could find.