Linux users face a Microsoft Secure Boot headache – here's the painkiller
10 hours ago
- #Linux
- #Secure Boot
- #UEFI
- Secure Boot, a Microsoft-supported security mechanism, is causing concerns for Linux users due to expiring certificates from 2011.
- The expiring certificates are set to reach their end of life in 2026, but existing Linux installations will continue to boot normally.
- Microsoft has created new Secure Boot certificates in 2023, and firmware updates are needed to incorporate these keys for future compatibility.
- Linux distributions that use a Microsoft-signed shim bootloader may face issues with new or updated distros if firmware isn't updated.
- Users should update their firmware using tools like fwupd or vendor-provided updates to ensure compatibility with new Secure Boot keys.
- It's recommended to test current Linux ISOs with Secure Boot enabled after updating firmware to confirm everything works properly.
- Disabling Secure Boot is a common workaround but not advisable as it removes a layer of security against rootkits and malware.
- For servers, inventory systems with Secure Boot, standardize firmware versions with new keys, and test new distro releases early.
- Major Linux distributions like Fedora, Ubuntu, and SUSE have already addressed the certificate expiration issue in their releases.