this post was submitted on 27 Aug 2025
54 points (98.2% liked)

Linux

9629 readers
263 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev
54
Linux and Secure Boot certificate expiration (lwn.net)
submitted 1 month ago by cm0002@lemmy.world to c/linux@programming.dev
15 comments fedilink hide all child comments
 

From: https://techrights.org/n/2025/08/26/The_UEFI_9_11_Part_I_Introduction_to_Impending_Catastrophe_Micr.shtml

top 15 comments
sorted by: hot top controversial new old
[–] floofloof@lemmy.ca 15 points 1 month ago (2 children)

What a terrible system. I have a couple of computers where the vendor provides good update support, but for most of them this is not the case and you're pretty much stuck with the firmware you get. To tie Secure Boot to such a flaky set of distribution channels seems like very poor planning.

[–] onlinepersona@programming.dev 17 points 1 month ago* (last edited 1 month ago) (1 children)

Or it's on purpose to force the purchase of new hardware.

Anti Commercial-AI license

[–] granolabar@kbin.melroy.org 9 points 1 month ago

It is always about the money.

[–] khleedril@cyberplace.social 1 points 1 month ago

@floofloof @cm0002 Poor planning my ass. This was the plan all along. They [expletive] know what they are doing.

[–] ook@discuss.tchncs.de 6 points 1 month ago (2 children)

How can I check if my system will be affected or not?

[–] fuckwit_mcbumcrumble@lemmy.dbzer0.com 5 points 1 month ago (2 children)

Was your bios updated in the last few years? Not when you updated it, but when the manufacturer pushed a newer update.

If it's older than 2023 then you're screwed. If it's been updated since then then you're probably fine.

[–] floofloof@lemmy.ca 4 points 1 month ago* (last edited 1 month ago)

Screwed just means you'll have to turn off Secure Boot if you ever want to reinstall Linux. And on many PCs the Secure Boot has been so badly implemented it's pretty worthless anyway. Several of mine have a root key called something like "AMI TEST KEY - DO NOT TRUST" which basically invalidates the whole system and is unfixable by the user.

[–] ook@discuss.tchncs.de 2 points 1 month ago (1 children)

Hm, I guess that should be visible somewhere in the BIOS, need to have a look later.

[–] meekah@lemmy.world 2 points 1 month ago (1 children)

They're asking for the newest version of firmware available, not the one you have installed. Check the website of your motherboards manufacturer to see if they have anything.

[–] ook@discuss.tchncs.de 1 points 1 month ago* (last edited 1 month ago) (1 children)

It is a laptop that is more than 10 years old. Don't think I ever updated the BIOS on it. So I guess that could mean it is going to be affected?

https://www.asus.com/ie/supportonly/ux433fn/helpdesk_bios/ it is this one, latest bios update is 2021. So I guess I might be screwed? Even if I use that to update, I mean?

[–] meekah@lemmy.world 3 points 1 month ago (1 children)

Yeah, as far as I understand it. I think you're fine if you just turn secure boot off, if that's an option for you.

[–] ook@discuss.tchncs.de 4 points 1 month ago

Seems like that is the only way for now, so I'll backup stuff and do it. I've been reading so many opinions how important it even is, I don't think it is going to impact my use case of the laptop.

Thanks for responding!

[–] CCMan1701A@startrek.website 2 points 1 month ago (1 children)

i have just revived a system from 2013 with linux, if i turn off secure boot does this matter?

[–] Infernal_pizza@lemmy.dbzer0.com 4 points 1 month ago

Would this not also be an issue for Windows users? Or is the Windows boot loader signed with a different key?