argv minus one<p><span class="h-card"><a href="https://mastodon.social/@techhelpkb" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>techhelpkb</span></a></span> </p><p>TL;DR: <a href="https://mastodon.sdf.org/tags/GRUB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GRUB</span></a> assumes that the file system is valid, and might execute arbitrary code if it isn't.</p><p>That is a perfectly valid assumption…or it would be if <a href="https://mastodon.sdf.org/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> wasn't still trying to ice-skate uphill by pushing <a href="https://mastodon.sdf.org/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a>.</p><p>News flash, Microsoft: Secure Boot is only secure if the <a href="https://mastodon.sdf.org/tags/BIOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BIOS</span></a> is secure, and I'm sorry to break it to you but that is absolutely hopeless.</p><p><a href="https://mastodon.sdf.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
292active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.4
#secureboot
1 post · 1 participant · 1 post today
Pope Bob the Unsane<p>In the adventures of Bob's "Perfect" <a href="https://kolektiva.social/tags/Slackware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Slackware</span></a> install, I've been struggling to get Secure Boot working on my <a href="https://kolektiva.social/tags/Thinkpad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Thinkpad</span></a> x280.</p><p>Something seems to be preventing me from loading a custom Platform Key, while none appears loaded, and everything seems 'right' -- <a href="https://kolektiva.social/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a> is in Custom / Setup mode.</p><p>The unfortunate thing is ... using Secure Boot and signing kernel images and efi executables is not a common practice, and the documentation seems lacking explanations for people with my particular issue; method 1 of using `efi-updatevar` returns an error "Cannot write to PK, wrong filesystem permissions", method 2 -- updating from the <a href="https://kolektiva.social/tags/UEFI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UEFI</span></a> 'bios' -- is not an option on an x280, and method 3, using KeyTool.efi returns the error "Failed to update variable: (26) Security Violation".</p><p>I am wondering if there are some further setup settings that need to be adjusted to allow this operation, if perhaps my pk.auth file is incorrect in some way, if my machine was, from the factory, unable to allow custom Platform Keys, or if someone has modified it since then.</p><p>Rabbit holes are a pain in the dick, and now I'm in a position where I'm kinda 'forced' to learn a bit more about the mechanics of Secure Boot, under the hood.</p><p>Anyone got some good tips for where to start solving this puzzle?</p><p>I have been referencing:</p><p>- <a href="https://wiki.gentoo.org/wiki/User:Sakaki/Sakaki%27s_EFI_Install_Guide/Configuring_Secure_Boot_under_OpenRC" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">wiki.gentoo.org/wiki/User:Saka</span><span class="invisible">ki/Sakaki%27s_EFI_Install_Guide/Configuring_Secure_Boot_under_OpenRC</span></a><br>- <a href="https://wiki.linuxquestions.org/wiki/How_to_use_Secure_Boot_with_your_own_keys" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">wiki.linuxquestions.org/wiki/H</span><span class="invisible">ow_to_use_Secure_Boot_with_your_own_keys</span></a></p><p><a href="https://kolektiva.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://kolektiva.social/tags/Troubleshooting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Troubleshooting</span></a> <a href="https://kolektiva.social/tags/Puzzle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Puzzle</span></a></p>
Rairii :win3_progman: :win3: <p>so I got official confirmation from Microsoft that, for bugs in the windows boot environment leading to Secure Boot bypass, fixes are only being backported to the PCA2023-signed <code>bootmgr_ex</code>, not the PCA2011-signed <code>bootmgr</code>.</p><p>systems running anything older than Windows 11 24H2 (I think?) are still vulnerable to “patched” bootloader bugs unless you manually install the newer bootloader; of course, if you don’t do that anyway you’re still vulnerable to downgrade attacks! and if you DO manually install the newer bootloader, you get screwed in other ways (specifically not being able to boot from older install media/backups)!</p><p>on a related note, MS updated their <a href="https://support.microsoft.com/en-us/topic/how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d" rel="nofollow noopener noreferrer" target="_blank">KB article</a> about similar issues to add the following about when PCA2011 will be revoked for everyone:</p><blockquote><p>The Enforcement Phase will not begin before January 2026, and we will give at least six months of advance warning in this article before this phase begins.</p></blockquote><p>This marks the third time the Enforcement Phase has been pushed back; from “Q1 2024” to July 2024 to October 2024 to “some point after January 2026”. I suspect it will never happen for systems that were not preinstalled with, or that cannot officially run, Windows 11.</p><p><a class="hashtag" href="https://labyrinth.zone/tag/microsoft" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> <a class="hashtag" href="https://labyrinth.zone/tag/windows" rel="nofollow noopener noreferrer" target="_blank">#Windows</a> <a class="hashtag" href="https://labyrinth.zone/tag/secureboot" rel="nofollow noopener noreferrer" target="_blank">#SecureBoot</a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.vivaldi.net/@S_Paternotte" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>S_Paternotte</span></a></span> <span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>GrapheneOS</span></a></span> meanwhile I see <a href="https://infosec.space/tags/OpenAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenAI</span></a> literally using falsified <a href="https://infosec.space/tags/UserAgent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UserAgent</span></a>|s and <a href="https://infosec.space/tags/DDoS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DDoS</span></a>'ing clients at work so hard I have to ban entire ASNs and /10 networks just because they ca't be assed to respect the <a href="https://robotstxt.org" rel="nofollow noopener noreferrer" target="_blank"><code>robots.txt</code></a> and refuse to accept beibg given 403 errors.</p><p>-Needless to say banning <a href="https://infosec.space/tags/GrapheneOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GrapheneOS</span></a> which are by far the most security-focussed and most diligent in terms of <a href="https://infosec.space/tags/Aftermarket" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Aftermarket</span></a>-<a href="https://infosec.space/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a>-<a href="https://infosec.space/tags/ROM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ROM</span></a>|s whilst not banning <a href="https://infosec.space/tags/outdated" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>outdated</span></a> Android versions is like banning a <em>"<a href="https://infosec.space/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a>|ed"</em> <a href="https://infosec.space/tags/UbuntuLTS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UbuntuLTS</span></a> or <a href="https://infosec.space/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenBSD</span></a> installation and going out of one's way to brick <a href="https://infosec.space/tags/Wine" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Wine</span></a> whilst still supporting <a href="https://infosec.space/tags/WindowsXP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WindowsXP</span></a> in 2025!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@ESETresearch" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ESETresearch</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@smolar_m" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>smolar_m</span></a></span> thanks for the post and research.</p><ul><li>Personally, I don't rely on <a href="https://infosec.space/tags/CensorBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CensorBoot</span></a> as I don't trust any <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> that violates <a href="https://infosec.space/tags/KerckhoffsPrinciple" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KerckhoffsPrinciple</span></a>, but that's not my decision and being able to attest the security of it or at least have another way to <em>check for it</em> is kinda important.</li></ul><p>And yes I refuse to call it <em>"<a href="https://infosec.space/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a>"</em> because it is <em>not</em> secure by <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a>'s <a href="https://www.youtube.com/watch?v=U7VwtOrwceo&t=739s" rel="nofollow noopener noreferrer" target="_blank">own admission</a> - otherwise they would've relied on it on the <a href="https://infosec.space/tags/XboxOne" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XboxOne</span></a> and <a href="https://www.youtube.com/watch?v=U7VwtOrwceo&t=233s" rel="nofollow noopener noreferrer" target="_blank">not just the</a> <a href="https://infosec.space/tags/Xbox360" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Xbox360</span></a> !</p>
scy<p>Nice, it looks like there's going to be a <a href="https://chaos.social/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a>-signed version of <a href="https://chaos.social/tags/systemdboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>systemdboot</span></a> in <a href="https://chaos.social/tags/DebianTrixie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DebianTrixie</span></a>.</p><p><a href="https://packages.debian.org/trixie/systemd-boot-efi-amd64-signed" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">packages.debian.org/trixie/sys</span><span class="invisible">temd-boot-efi-amd64-signed</span></a></p>
neatchee<p>This was a fascinating read <a href="https://neodyme.io/en/blog/bitlocker_screwed_without_a_screwdriver/#teaser" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">neodyme.io/en/blog/bitlocker_s</span><span class="invisible">crewed_without_a_screwdriver/#teaser</span></a></p><p><a href="https://urusai.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://urusai.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://urusai.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a> <a href="https://urusai.social/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a></p>
PrivacyDigest<p><a href="https://mas.to/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> patches <a href="https://mas.to/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> to eliminate <a href="https://mas.to/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a> bypass threat <br><a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mas.to/tags/boot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>boot</span></a> </p><p> <a href="https://arstechnica.com/security/2025/01/microsoft-patches-windows-to-eliminate-secure-boot-bypass-threat/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2025/</span><span class="invisible">01/microsoft-patches-windows-to-eliminate-secure-boot-bypass-threat/</span></a></p>
IT News<p>Microsoft patches Windows to eliminate Secure Boot bypass threat - For the past seven months—and likely longer—an industry-wide standard that... - <a href="https://arstechnica.com/security/2025/01/microsoft-patches-windows-to-eliminate-secure-boot-bypass-threat/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2025/</span><span class="invisible">01/microsoft-patches-windows-to-eliminate-secure-boot-bypass-threat/</span></a> <a href="https://schleuss.online/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://schleuss.online/tags/firmware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firmware</span></a> <a href="https://schleuss.online/tags/windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>windows</span></a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>biz</span></a> <a href="https://schleuss.online/tags/uefi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uefi</span></a></p>
IT News<p>Widely used DNA sequencer still doesn’t enforce Secure Boot - In 2012, an industry-wide coalition of hardware and software makers adopte... - <a href="https://arstechnica.com/security/2025/01/widely-used-dna-sequencer-still-doesnt-enforce-secure-boot/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2025/</span><span class="invisible">01/widely-used-dna-sequencer-still-doesnt-enforce-secure-boot/</span></a> <a href="https://schleuss.online/tags/dnasequencer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dnasequencer</span></a> <a href="https://schleuss.online/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://schleuss.online/tags/firmware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firmware</span></a> <a href="https://schleuss.online/tags/illumina" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>illumina</span></a> <a href="https://schleuss.online/tags/iseq100" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iseq100</span></a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>biz</span></a>&it</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://transfem.social/@puppygirlhornypost2" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>puppygirlhornypost2</span></a></span> <span class="h-card" translate="no"><a href="https://social.vlhl.dev/users/navi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>navi</span></a></span> <em>nodds in agreement</em> the entire <a href="https://infosec.space/tags/CensorBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CensorBoot</span></a>-Stack is literally done to maximize pain and frustration, brick <a href="https://infosec.space/tags/DualBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DualBoot</span></a> / <a href="https://infosec.space/tags/MultiBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MultiBoot</span></a> setups and is by <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a>'s <a href="https://www.youtube.com/watch?v=U7VwtOrwceo&t=11m10s" rel="nofollow noopener noreferrer" target="_blank">own admission inherently & unfixably insecure</a>.</p><ul><li>As can be seen by the fact that they literally didn't even bother with <em>"<a href="https://infosec.space/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a>"</em> on the <a href="https://infosec.space/tags/XboxOne" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XboxOne</span></a> which remains uncracked to this day...</li></ul>
Frederic Jacobs<p>Given the long lifetime of automotive ECUs, pretty cool to see NXP's I.MX 94 family of automotive chips supports secure boot with post-quantum cryptography.<br><a href="https://www.nxp.com/company/about-nxp/newsroom/NW-NXP-NEW-IMX94-APPLICATIONS-PROCESSORS" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">nxp.com/company/about-nxp/news</span><span class="invisible">room/NW-NXP-NEW-IMX94-APPLICATIONS-PROCESSORS</span></a></p><p><a href="https://mastodon.social/tags/PQC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PQC</span></a> <a href="https://mastodon.social/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a></p>
trashHeap :hehim: :verified_gay:<p>Do you feel like secure boot has done anything to enhance your own personal security, keeping in mind the threat models you yourself worry about?</p><p>Or has it been more of a nuisance to you than a help?</p><p>Consumer desktop/laptop perspectives only please.</p><p><a href="https://tech.lgbt/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://tech.lgbt/tags/bsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bsd</span></a> <a href="https://tech.lgbt/tags/haikuos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>haikuos</span></a> <a href="https://tech.lgbt/tags/freebsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>freebsd</span></a> <a href="https://tech.lgbt/tags/netbsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>netbsd</span></a> <a href="https://tech.lgbt/tags/openbsd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openbsd</span></a> <a href="https://tech.lgbt/tags/ubuntu" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ubuntu</span></a> <a href="https://tech.lgbt/tags/fedora" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fedora</span></a> <a href="https://tech.lgbt/tags/debian" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>debian</span></a> <a href="https://tech.lgbt/tags/opensuse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>opensuse</span></a> <a href="https://tech.lgbt/tags/manjaro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>manjaro</span></a> <a href="https://tech.lgbt/tags/archlinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>archlinux</span></a> <a href="https://tech.lgbt/tags/efi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>efi</span></a> <a href="https://tech.lgbt/tags/uefi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uefi</span></a> <a href="https://tech.lgbt/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a> <a href="https://tech.lgbt/tags/floss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>floss</span></a></p>
Stephan<p>systemd-ukify: Unified Kernel Image (UKI) für UEFI Secure Boot mit YubiKey signieren</p><p><a href="https://www.codingblatt.de/secure-boot-systemd-ukify-yubikey-signieren/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">codingblatt.de/secure-boot-sys</span><span class="invisible">temd-ukify-yubikey-signieren/</span></a></p><p><a href="https://social.tchncs.de/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://social.tchncs.de/tags/systemd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>systemd</span></a> <a href="https://social.tchncs.de/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a> <a href="https://social.tchncs.de/tags/yubikey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>yubikey</span></a></p>
Norobiik @Norobiik@noc.social<p>If your <a href="https://noc.social/tags/PC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PC</span></a> can run <a href="https://noc.social/tags/Windows11" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows11</span></a>, it can run <a href="https://noc.social/tags/24H2" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>24H2</span></a> (also known as the Windows 11 2024 Update). That means you need a fairly recent <a href="https://noc.social/tags/CPU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CPU</span></a> and a <a href="https://noc.social/tags/TPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TPM</span></a> 2.0 security chip. Beyond those, the absolute minimum hardware requirements are a 1GHz 2-core CPU, 4GB of <a href="https://noc.social/tags/RAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAM</span></a>, 64GB of disk space, and <a href="https://noc.social/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a> capability. </p><p>What’s New in the Windows 11 24H2 Update?<br><a href="https://www.msn.com/en-gb/news/techandscience/what-s-new-in-the-windows-11-2024-update/ar-AA1rx4Cy" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">msn.com/en-gb/news/techandscie</span><span class="invisible">nce/what-s-new-in-the-windows-11-2024-update/ar-AA1rx4Cy</span></a></p>
IT News<p>Secure Boot-neutering PKfail debacle is more prevalent than anyone knew - Enlarge (credit: Getty Images) </p><p>A supply chain failure that com... - <a href="https://arstechnica.com/?p=2050182" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">arstechnica.com/?p=2050182</span><span class="invisible"></span></a> <a href="https://schleuss.online/tags/platformkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>platformkeys</span></a> <a href="https://schleuss.online/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a> <a href="https://schleuss.online/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://schleuss.online/tags/rootkits" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>rootkits</span></a> <a href="https://schleuss.online/tags/biz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>biz</span></a> <a href="https://schleuss.online/tags/pkfail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pkfail</span></a> <a href="https://schleuss.online/tags/uefi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uefi</span></a></p>
Avoid the Hack! :donor:<p>Not sure if anyone else has mentioned this, but wanted to add a specific data point to the <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> and <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> dualboot problem: it affects USB installs too. Makes sense it covers all bootable media, but experiencing it firsthand kind of sucked. Kind of a doh moment. :ablobcatgoogly:</p><p>I have live <a href="https://infosec.exchange/tags/Kali" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kali</span></a> and <a href="https://infosec.exchange/tags/tails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tails</span></a> sticks that won’t boot on the Windows machine (get the SBAT error).</p><p>Disabling Secure Boot allows it to boot (naturally, it will also boot if I plug it into my Linux machine). The temporary fix from <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> does work. As a note for TAILS users, you can’t run mokutils as sudo (which is needed) unless you enable setting administrator password on boot. </p><p><a href="https://infosec.exchange/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a></p>
SpaceLifeForm<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@adamshostack" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>adamshostack</span></a></span> </p><p>Remember when you had to place a jumper on the motherboard in order to update the BIOS?</p><p><a href="https://infosec.exchange/tags/BIOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BIOS</span></a> <a href="https://infosec.exchange/tags/UEFI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UEFI</span></a> <a href="https://infosec.exchange/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a></p>
Avoid the Hack! :donor:<p><a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> confirms August updates break <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> boot in dual-boot systems</p><p>If you've already updated, then ther best way to get your impacted system running apparently is to disable Secure Boot, install your Linux distro, and re-enable Secure Boot.</p><p>Microsoft is still investigating.</p><p><a href="https://infosec.exchange/tags/windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>windows</span></a> <a href="https://infosec.exchange/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a></p><p><a href="https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-august-updates-break-linux-boot-in-dual-boot-systems/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/micr</span><span class="invisible">osoft/microsoft-confirms-august-updates-break-linux-boot-in-dual-boot-systems/</span></a></p>
Gabriele Svelto<p>I've found a lot of conflicting and confusing reports about the <a href="https://fosstodon.org/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a> issue caused by a Microsoft update, so here's my relatively informed take about it.</p><p>Spoilers: this isn't an issue with GRUB, but with another less known bootloader called shim. GRUB can also be affected though. So let's talk about how the bootchain of a <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> distro works and what happened to it. 🧵 1/11</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload