• Eager Eagle@lemmy.world
    link
    fedilink
    English
    arrow-up
    26
    arrow-down
    1
    ·
    4 months ago

    Secure boot borking systems? Windows assuming it’s the only OS on the machine? I’m shocked

    • Leaflet@lemmy.worldOP
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      6
      ·
      4 months ago

      Windows assuming it’s the only OS on the machine

      That’s not the case. The update was only meant to go out to Windows users. But Microsoft messed up and accidentally released to all users, or at least some who weren’t supposed to receive it. My guess is that Microsoft usually doesn’t update secure boot stuff for dual boot users and instead waits for the distro to push the update.

        • Skull giver@popplesburger.hilciferous.nl
          link
          fedilink
          arrow-up
          3
          arrow-down
          1
          ·
          4 months ago

          Bottom line is that Linux distros never really bothered to apply a real fix for a security vulnerability and decided to muck on with a quick patch and a lot of hope. This wouldn’t have been an issue if distros fixed their boot configuration two years ago when the problem became publicly known.

          • Eager Eagle@lemmy.world
            link
            fedilink
            English
            arrow-up
            3
            ·
            4 months ago

            It’s a vulnerability that affects secure boot through grub. MS is the interested party in patching it because they’re the ones selling secure boot certifications. It doesn’t surprise me a bit if the open source community is not interested in patching secure boot holes.

            • Skull giver@popplesburger.hilciferous.nl
              link
              fedilink
              arrow-up
              1
              ·
              4 months ago

              They’re not selling anything, they’ve signed the shim loader in collaboration with the Linux community, which then takes control. The shim (the part printing the error message everyone is reporting) didn’t get an update, nor a new signature, because it didn’t need one. It was designed so that distros can compile and run Grub without having to go through the certification process.

              Grub was patched two years ago to not execute code at ring 0 when a funky font file gets placed on the boot drive. If you don’t care about that, just disable secure boot entirely and the message goes away.