Linux

58549 readers

1233 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago

MODERATORS

nooter692@lemmy.ml

AgreeableLandscape@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

Linux and Secure Boot certificate expiration (lwn.net)

submitted 1 month ago by mesamunefire@piefed.social to c/linux@lemmy.ml

6 comments fedilink hide all child comments

From: https://techrights.org/n/2025/08/26/The_UEFI_9_11_Part_I_Introduction_to_Impending_Catastrophe_Micr.shtml

all 7 comments

sorted by: hot top controversial new old

[–] Xiisadaddy@lemmygrad.ml 8 points 1 month ago* (last edited 1 month ago)

There are very few times i will come out with something positive to say about a company, but i do have to say i have a Dell laptop from 2020, and to this day i get regular firmware updates via the gnome application storefront's update utility from Dell. It is an enterprise machine that was originally sold with Ubuntu as an option which i believe is why. I don't run Ubuntu but they just push the updates out to all linux distros that check for them i think. It's really nice to have i just download it, reboot, and it installs the update in a few seconds. I even get to look at my pretty plymouth splash screen while it installs. So hopefully I'll have the new key from that.

[–] bodaciousFern@lemmy.dbzer0.com 4 points 1 month ago (2 children)

Chat, is this real?

[–] med@sh.itjust.works 9 points 1 month ago* (last edited 1 month ago)

The answer as always is, it depends.

Not all implementations rely on shim.

if you set up secureboot without doing anything more than instaling the OS.... yeah probably it is true. Edit: e.g. GRUB2 generally relies on shim. sysemd-boot doesn't

I haven't checked the specific key that signs shim to confirm the expiration date, but there generally is a date, as we're talking about certs and keys here.

Edit 2: Basically what this article is saying is that the machines will need a new platform key (mited in 2023) enrolled in the tpms, with often comes from the firmware (when tpms are wiped for initial enrollment of a new install/setup, they tend to enroll whatever platform keys from microsoft are baked in to the uefi firmware).

So basically, if you haven't had a bios/uefi firmware update since 2022, there's no way for you to have have the new key trusted by your tpm, and the whole chain of trust falls apart when the key you do have expires. So you'll need to disable secureboot. If you use shim and/or the microsoft platform key in someway.

[–] The_Decryptor@aussie.zone 6 points 1 month ago

It's real, but probably not an issue in practise.

If it does actually turn out to pose a problem, then just disable secure boot on those systems, not like it's really securing anything at that point.

[–] Cyber@feddit.uk 4 points 1 month ago (2 children)

So, if I've not had a UEFI update in to update the Secureboot cert, wouldn't this affect any OS? Ie Windows too?

[–] Cricket@lemmy.zip 1 points 4 weeks ago

Yes. Microsoft says that most Windows will get updated by them, but I'm sure a lot of Windows machines will break in 2026.