Lenovo all-in-one devices IdeaCentre AIO 3 24ARR9 and 27ARR9, as well as Yoga AIO 27IAH10, 32ILL10 and 32IRH8, need a firmware update. For the IdeaCentre AIO 3 it is already available. Update!
For the affected Yoga series, not until September.
https://support.lenovo.com/us/en/product_security/LEN-201013
Background: Lenovo warns of serious flaws that could allow attackers to bypass Secure Boot on all-in-one desktops with customized Insyde UEFI firmware.
https://www.insyde.com/security-pledge/sa-2025007
So I am trying to ensure the setups on my laptops are Secure Boot setups this time. I figure it's a decent idea to keep with some kind of standard there.
I rebuilt the HP because my full-disk encryption setup was just too irritating. Gonna have to just keep encryption to external drives, I suppose.
This Week in Security: Sharepoint, Initramfs, and More https://hackaday.com/2025/07/25/this-week-in-security-sharepoint-initramfs-and-more/ #ThisWeekinSecurity #HackadayColumns #SecurityHacks #SecureBoot #SharePoint #linux
This Week in Security: Sharepoint, Initramfs, and More - There was a disturbance in the enterprise security world, and it started with a Pw... - https://hackaday.com/2025/07/25/this-week-in-security-sharepoint-initramfs-and-more/ #thisweekinsecurity #hackadaycolumns #securityhacks #secureboot #sharepoint #linux
Microsoft has a signing key that many #Linux distributions use to support #SecureBoot, and that key expires on September 11, 2025.
A replacement key has existed since 2023, but apparently many systems don't support it yet.
Fixing this problem requires firmware updates from original equipment manufacturers (OEMs), but there is a risk that not all OEMs will issue updates, especially for older or less popular devices.
https://www.techradar.com/pro/security/linux-users-are-about-to-face-another-major-microsoft-secure-boot-issue
System Security (ThinkPad T14s Gen4 AMD Ryzen)
- Untainted Kernel in Lockdown mode
- Secure boot active with modern signature
- All modern security features active
- Full-disk encryption with key on physical smartcard from @nitrokey
(With modern UEFI CA, because of the upcoming key replacement: https://burningboard.net/@Larvitz/114884582215696742)
Big trouble ahead (September 11) for all Linux distributions that use the Secure Boot key provided by Microsoft. Its certificate is going to expire.
So what? Switch SB off and you're done. SB was invented by M$ to mitigate design faults in UEFI and in Windows. Linux doesn't need it.
Some Linux users might be interested in reading about this (subscriber link that bypasses the paywall, since I find this information important to spread for awareness):
https://lwn.net/SubscriberLink/1029767/0a550f0972703141/
„Linux users who have Secure Boot enabled on their systems knowingly or unknowingly rely on a key from Microsoft that is set to expire in September. After that point, Microsoft will no longer use that key to sign the shim first-stage UEFI bootloader that is used by Linux distributions to boot the kernel with Secure Boot. But the replacement key, which has been available since 2023, may not be installed on many systems; worse yet, it may require the hardware vendor to issue an update for the system firmware, which may or may not happen.“
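The posts above describe a transition from the 2011 Microsoft UEFI CA to its 2023 replacement that depends on the machine's firmware. The following script is an added example, not code from any of the posts or from LWN: it checks a Linux system's Secure Boot state and whether the replacement CA is enrolled in the firmware's db. It assumes the standard efivarfs paths (EFI_GLOBAL_VARIABLE and EFI_IMAGE_SECURITY_DATABASE GUIDs) and the certificates' subject CNs; run it as root on a UEFI machine, or point the functions at dumped variable files.

```shell
#!/bin/sh
# Added example: check the Secure Boot CA transition on a Linux host.
# Reads efivarfs (needs root); every function also accepts a file path
# so a dumped variable can be inspected offline.
EFIVARS=/sys/firmware/efi/efivars
SB_VAR=$EFIVARS/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
DB_VAR=$EFIVARS/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f

# Subject CNs of the Microsoft third-party UEFI CAs (assumed names).
# The db stores DER certificates, in which the CN bytes are contiguous
# ASCII, so a binary-safe fixed-string grep is enough to detect them.
CA_2011="Microsoft Corporation UEFI CA 2011"
CA_2023="Microsoft UEFI CA 2023"

# sb_enabled <file>: returns 0 if the SecureBoot data byte is 1.
# efivarfs prepends 4 attribute bytes, hence the offset of 4.
sb_enabled() {
    [ -r "$1" ] || return 2
    val=$(od -An -tu1 -j4 -N1 "$1" | tr -d ' ')
    [ "$val" = "1" ]
}

# has_cert <file> <subject CN>: returns 0 if the CN occurs in the db blob.
has_cert() {
    grep -a -F -q "$2" "$1"
}

# db_status <file>: reports which Microsoft CAs are enrolled; returns 0
# only when the 2023 replacement CA is present, 1 when it is missing,
# 2 when the variable cannot be read.
db_status() {
    [ -r "$1" ] || { echo "cannot read $1 (no efivarfs, or not root?)"; return 2; }
    has_cert "$1" "$CA_2011" && echo "db: $CA_2011 enrolled"
    if has_cert "$1" "$CA_2023"; then
        echo "db: $CA_2023 enrolled - shims signed under the new CA will verify"
        return 0
    fi
    echo "db: $CA_2023 MISSING - a firmware or db update is needed before the switch"
    return 1
}

# Top-level run against the live firmware variables.
if sb_enabled "$SB_VAR"; then echo "Secure Boot: enabled"
else echo "Secure Boot: disabled or state unreadable"; fi
db_status "$DB_VAR"
```

A missing 2023 CA with Secure Boot enabled is the case the posts warn about: shim builds signed only under the new CA will fail to verify until the OEM ships a firmware or db update.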
#Gigabyte motherboards vulnerable to #UEFI #malware bypassing #SecureBoot
Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment https://www.securityweek.com/flaws-in-gigabyte-firmware-allow-security-bypass-backdoor-deployment/ #EndpointSecurity #vulnerability #secureboot #backdoor #firmware #Gigabyte