Re: Windows Secure Boot certificate expiration (June 2026)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Em qui., 10 de jul. de 2025, 12:42, Gerd Hoffmann <kraxel@xxxxxxxxxx> escreveu:
On Wed, Jul 09, 2025 at 05:42:23PM +0200, Florian Weimer wrote:
> * Gerd Hoffmann:
>
> >> At least for me it seems to be a extremely generic update that doesn't rely
> >> on hardware specific characteristics as is with a full BIOS update.
> >
> > Correct.  It's literally just the new ms kek key with a pkcs7 signature
> > from the hardware vendor's PK key.  No code update.
>
> Still it needs to go through QA because it has a significant risk of
> corrupting the boot path.

Sure.  It's a first in the secure boot world and has the potential to
break a bunch of stuff.  Specifically I think with the boot signature
chain changing some TPM PCR measurements will change too, so TPM being
is used for LUKS disk encryption most likely is affected and will need
some extra attention.

Would it be the same root cause from when every so often Microsoft releases a update related to Secure Boot and Windows users get thrown into the BitLocker recovery asking for a key that many of them have no idea how to get? (And they also can't use the Microsoft account backup because they have no access)


But it shouldn't be the "broken bios update might brick the machine"
level of risk.

take care,
  Gerd

--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux