[GoLUG] Microsoft's Secure Boot UEFI bootloader signing key expires in September, posing problems for Linux user
Steve Litt
slitt at 444domains.com
Sun Sep 7 08:08:24 EDT 2025
On Sun, 7 Sep 2025 11:04:11 +0100 (GMT+01:00)
kc-golug at chadwicks.me.uk wrote:
> 7 Sept 2025 02:47:36 Steve Litt <slitt at troubleshooters.com>:
>
> > Turn it off now, before you risk brickage.
>
> Is there a risk of brickage? I seem to be able to just turn it off if
> secure boot blocks booting.
Yeah, I might have gone too far with the talk of brickage, which was
based on:
1) Certain computer vendors and models had UEFIs that would brick the
machine if you erased your /boot directory.
2) Another web page besides, Tom's Hardware Guide, that went even
farther than Tom's Hardware Guide and said your machine could get
bricked. However, that web page was very strident, written by people
who appeared to be very litigious and paranoid, so I don't find it
credible.
I think your point is that on your machine, after September 25, when
your Linux doesn't boot because the shim's key is expired, you can just
power down the machine, power it back up, go into the "BIOS", and turn
off Secure Boot. To the extent that this is true on every machine, my
use of the word "brickage" was paranoia.
But when it comes to UEFI, nothing bad would surprise me :-)
SteveT
Steve Litt
Spring 2023 featured book: Troubleshooting Techniques of the Successful
Technologist http://www.troubleshooters.com/techniques
More information about the GoLUG
mailing list