←back to thread

Linux and Secure Boot certificate expiration

(lwn.net)
253 points pabs3 | 2 comments | 18 Jul 25 03:53 UTC | HN request time: 0.004s | source
Show context
saidinesh5 ◴[18 Jul 25 06:54 UTC] No.44601960[source]
Just out of curiosity, how good is the secure boot experience these days?

I've had to disable it on all my installations because of either nvidia drivers or virtual box modules. In general Arch based distros didn't seem too friendly for secure boot set up.

replies(11): >>44602000 #>>44602120 #>>44602279 #>>44602520 #>>44602559 #>>44602593 #>>44602696 #>>44602761 #>>44602773 #>>44603004 #>>44607063 #
pbhjpbhj ◴[18 Jul 25 07:48 UTC] No.44602279[source]
Every couple of years MS do an update that messes up multi-boot/dual boot. I'm sure it's on purpose at this point, and relatively sure "Secure Boot" is how they achieve it.

Still on Windows only for kids games. Linux user since last millennium.

replies(2): >>44602385 #>>44602403 #
ChocolateGod ◴[18 Jul 25 08:13 UTC] No.44602403[source]
> Every couple of years MS do an update that messes up multi-boot/dual boot

IIRC the last time this happened it was the fault of Linux distros not updating their packages, it was just a Microsoft update updating the security requirements that affected distros that were caught slacking.

replies(2): >>44603512 #>>44603534 #
1. account42 ◴[18 Jul 25 11:30 UTC] No.44603512[source]
The idea that MS should be able make orders that distros then have to follow is insane. If MS breaks something it absolutely is their fault.
replies(1): >>44623400 #
2. ChocolateGod ◴[20 Jul 25 09:41 UTC] No.44623400[source]
No it's not. Microsoft has to disable outdated and vulnerable signed bootloaders to stop them being used for secure boot bypasses. Microsoft worked with RH to get things updated which they did, it's just distros for caught slacking and were shipping an outdated vulnerable boot loader.

I know it's the norm to bash Microsoft and they do a lot of crappy things, but in this case it was just certain distros not taking security updates seriously, which is why a lot never broke (such as Fedora)