Solved Linux users face a Microsoft Secure Boot headache - here's the painkiller


Borg 386

Borg 386

Well-known member
Power User
VIP
Local time
3:20 PM
Posts
2,368
Location
In a crazy house with a cat trying to kill me
OS
Win 11 Pro, Win 10 pro, Win 13.7 Pro Chinese Ver

My Computer My Computer

At a glance

Win 11 Pro, Win 10 pro, Win 13.7 Pro Chinese Ver12th Gen Intel(R) Core(TM) i9-12900 2.40 GHz64.0 GB of transcendental dimensional RAMNVIDIA GeForce RTX 3070 Ti
OS
Win 11 Pro, Win 10 pro, Win 13.7 Pro Chinese Ver
Computer type
PC/Desktop
Manufacturer/Model
It's a Dell Dude
CPU
12th Gen Intel(R) Core(TM) i9-12900 2.40 GHz
Motherboard
Father is bored too...
Memory
64.0 GB of transcendental dimensional RAM
Graphics Card(s)
NVIDIA GeForce RTX 3070 Ti
Sound Card
N/A
Monitor(s) Displays
27" Samsung Monitor/Alternative Dimensional Viewing Portal
Screen Resolution
Fuzzy after a couple drinks
Hard Drives
2 or 3, depending on if it's a night they're arguing about having a "split personality crisis" because I partitioned the drive.
PSU
Shockingly active
Case
Don't get on my case....man
Cooling
Scotch on the rocks on the weekends.
Keyboard
Steel Series Lighted Glow in the dark something or another
Mouse
Currently being stalked by the cat...
Internet Speed
DSL
Browser
Defeated by Mario...wait...OH...BRowser...
Antivirus
Yep
As normal, a fairly useless ZDNet article. Just install the normal Windows Secure Boot updates, and you'll get the Microsoft UEFI CA 2023 cert which signs most modern Linux boot loaders or do what all the Linux kids have been doing for decades: install your own certs and ignore whatever MS does.
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
Linux uses a Microsoft shim within the EFI/Boot partition
when the new secure boot certs are installed either by firmware update or manually
the secure boot shim is also updated with the relevant data to boot from secure boot.

in truth its easier to update the secure boot certs and keys on Linux then it is on Windows.
best of luck Steve ..
 

My Computers My Computers

System One System Two

  • At a glance

    Debian 13 KDE .. Windows 11 HomeRyzen 7 5825u64GB DDR4 3200Ryzen 7 5825u
    OS
    Debian 13 KDE .. Windows 11 Home
    Computer type
    PC/Desktop
    Manufacturer/Model
    HP 24" AiO
    CPU
    Ryzen 7 5825u
    Motherboard
    HP
    Memory
    64GB DDR4 3200
    Graphics Card(s)
    Ryzen 7 5825u
    Sound Card
    RealTek
    Monitor(s) Displays
    24" HP AiO
    Screen Resolution
    1920 x 1080 @60 Hz
    Hard Drives
    1TB WD Blue SN580 M2 SSD Partitioned.
    2x 1TB USB HDD External Backup/Storage.
    PSU
    90W external power brick
    Case
    24" All in One
    Cooling
    Default Air Cooling
    Keyboard
    HP WiFi UK extended
    Mouse
    HP WiFi 3 Button
    Internet Speed
    1GB full fibre
    Browser
    Edge & Firefox
    Antivirus
    AVG Internet Security/Windows Defender
    Other Info
    Mainly Open Source Software

  • At a glance

    Ubuntu 22.04.5 LTSi5 7200u16GB DDR4Intel
    Operating System
    Ubuntu 22.04.5 LTS
    Computer type
    Laptop
    Manufacturer/Model
    Dell 13" Latitude 2017
    CPU
    i5 7200u
    Motherboard
    Dell
    Memory
    16GB DDR4
    Graphics card(s)
    Intel
    Sound Card
    Intel
    Monitor(s) Displays
    13" Dell Laptop
    Hard Drives
    250GB Crucial 2.5" SSD
    Mouse
    Generic WiFi 3 button
    Internet Speed
    WiFi only
    Browser
    Firefox
    Antivirus
    ClamAV TK
    Other Info
    Mainly Open Source Software
MS is only revoking the PCA 2011 cert used for signing Windows, and not revoking "Microsoft Corporation UEFI CA 2011" which may sign older boot shims.

Where it may bite Linux users is the Secure Boot task wants to push out a specific SBAT config. You can opt out of the SBAT update by using a reg key, only if the Secure Boot task hasn't already installed the SBAT.
 

My Computer My Computer

At a glance

Windows 7
OS
Windows 7
You can always turn secure boot off to allow Linux to run on a hard disk. Not a problem in a VM.
 

My Computers My Computers

System One System Two

  • At a glance

    Windows 11 Education For 25H2Intel® Core i7 5500u8 GBIntel HD Family Graphics 5500 AMD Firepro 4150M
    OS
    Windows 11 Education For 25H2
    Computer type
    Laptop
    Manufacturer/Model
    HP ZBook G2
    CPU
    Intel® Core i7 5500u
    Motherboard
    HP
    Memory
    8 GB
    Graphics Card(s)
    Intel HD Family Graphics 5500 AMD Firepro 4150M
    Sound Card
    Realtek High Audio
    Hard Drives
    1 TB SSD
    Mouse
    HP USB Mouse
    Antivirus
    Windows Defender

  • At a glance

    Windows 11 Pro For Workstations 25H2Xeon 1535m v632 GBAMD Quadro Pro 4100
    Operating System
    Windows 11 Pro For Workstations 25H2
    Computer type
    Laptop
    Manufacturer/Model
    HP Zbook G4
    CPU
    Xeon 1535m v6
    Motherboard
    HP
    Memory
    32 GB
    Graphics card(s)
    AMD Quadro Pro 4100
    Sound Card
    Bang and Olufson Audio
    Hard Drives
    1TB SSD
    Mouse
    HP USB Mouse
    Antivirus
    Windows Defender
You must log in or register to reply here.

Similar threads

Linux users - both Host and VM's Kernel 7.0 out now
Replies
1
Views
437
cereberus
cereberus
For Linux users (VM's etc =) Linus Torvalds uses Fedora !!
2 3
Replies
47
Views
5K
Scannerman
Scannerman
  • Sticky
  • Article Article
Updating Microsoft Secure Boot keys before expiration in June 2026
26 27 28
Replies
556
Views
110K
Phirevixen
P

Latest Support Threads

Latest Tutorials

Back
Top Bottom