Linux

56646 readers

431 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 6 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

132

Linux and Secure Boot certificate expiration (lwn.net)

submitted 5 days ago by HaraldvonBlauzahn@feddit.org to c/linux@lemmy.ml

53 comments fedilink hide all child comments

Linux users who have Secure Boot enabled on their systems knowingly or unknowingly rely on a key from Microsoft that is set to expire in September. After that point, Microsoft will no longer use that key to sign the shim first-stage UEFI bootloader that is used by Linux distributions to boot the kernel with Secure Boot. But the replacement key, which has been available since 2023, may not be installed on many systems; worse yet, it may require the hardware vendor to issue an update for the system firmware, which may or may not happen. It seems that the vast majority of systems will not be lost in the shuffle, but it may require extra work from distributors and users.

you are viewing a single comment's thread
view the rest of the comments

[–] SheeEttin@lemmy.zip 6 points 4 days ago (2 children)

If secure boot is off, and you run malware on your pc, it can change the boot process to escalate privileges.

This probably requires root or admin in the first place, but if they can install a malware loader, they can establish persistence so that even if you remove the os-level components, they'll be reinstalled on reboot.

[–] HaraldvonBlauzahn@feddit.org 1 points 4 days ago* (last edited 3 days ago)

If secure boot is off, and you run malware on your pc, it can change the boot process to escalate privileges.

This is technically correct, but on a desktop system, malware executing in user space is normally already game over. It can exfiltrate and send your passwords or ssh private keys, change browser certificates or browser software, add user systemd sessions or crontab entries and can generally e.g. do everything a banking trojan would like to do.

[–] Technus@lemmy.zip 1 points 4 days ago

Yeah, but the malware can just wait for a system upgrade where you sign a new boot image and slip itself in then.

It works for Windows because theoretically only Microsoft would have the signing key and it's not just sitting on disk somewhere. But then you're just trusting Microsoft, and also subject to vendor lock-in.