(lwn.net)

253 points pabs3 | 1 comments | 18 Jul 25 03:53 UTC | HN request time: 0s | source

Show context

jmclnx ◴[19 Jul 25 12:47 UTC] No.44615067[source]▶

And this is why I avoid and will always avoid "Secure Boot". I can see many newer Linux people being locked out starting in Sept.

replies(3): >>44615474 #>>44616122 #>>44617464 #

craftkiller ◴[19 Jul 25 13:50 UTC] No.44615474[source]▶

>>44615067 #

Or you could just remove microsoft's keys from your systems and sign your bootloader with your own key. That's what I do on all of my systems so I am unimpacted by this.

replies(3): >>44615574 #>>44616310 #>>44616568 #

ekianjo ◴[19 Jul 25 14:05 UTC] No.44615574[source]▶

>>44615474 #

do you have any source on how to do that?

replies(2): >>44615682 #>>44615805 #

1. craftkiller ◴[19 Jul 25 14:21 UTC] No.44615682[source]▶

>>44615574 #

I followed https://github.com/nix-community/lanzaboote/blob/master/docs... but naturally you don't want to include the `--microsoft` flag when running `sbctl enroll-keys` if you want to avoid microsoft keys. Also Lanzaboote is only for NixOS.

↑

Linux and Secure Boot certificate expiration