[GoLUG] Microsoft's Secure Boot UEFI bootloader signing key expires in September, posing problems for Linux user

[kc-golug at chadwicks.me.uk]

7 Sept 2025 02:47:36 Steve Litt <slitt at troubleshooters.com>:

> That goes for UEFI too. The minute I read about it, I knew it was the
> wrong solution. It's so complicated nobody can explain it, whereas the
> old MBR method was so trivial anybody could write a Python program to
> tweak as necessary.

I agree with that more than secureboot but for all the virtues of secureboot you see Google permitting apps like Netflix to ridiculously block their install on e.g. LineageOS even if the bootloader was relocked and Google permit wallet on old android full of root exploits where a screen capture could steal card details or probably fake touch inputs yet they block it on the latest secure lineage os.

I tried installing Linux on a tablet given to us with a 32 bit UEFI. Devuan didn't have bootia32.efi, Mint did but then you had to fix the install with chroot because it didn't install 32 bit uefi support with a 64 bit install. Windows gives it if you create a special iso with both 32 anf 64 bit. I never testef if that install works but I guess it would. There is an efi bootloader that is easier than most apparently but yeah mbr was so much preferred by me. I always disable the efi networking too as I would never trust the out of date C firmware. They're making debug ports more and more accessible too, which is a joke.