[GoLUG] Microsoft's Secure Boot UEFI bootloader signing key expires in September, posing problems for Linux user
Hendrik Boom
hendrik at topoi.pooq.com
Sun Sep 7 19:31:09 EDT 2025
On Sun, Sep 07, 2025 at 08:08:24AM -0400, Steve Litt wrote:
>
> On Sun, 7 Sep 2025 11:04:11 +0100 (GMT+01:00)
> kc-golug at chadwicks.me.uk wrote:
>
> > 7 Sept 2025 02:47:36 Steve Litt <slitt at troubleshooters.com>:
> >
> > > Turn it off now, before you risk brickage.
> >
> > Is there a risk of brickage? I seem to be able to just turn it off if
> > secure boot blocks booting.
>
> Yeah, I might have gone too far with the talk of brickage, which was
> based on:
>
> 1) Certain computer vendors and models had UEFIs that would brick the
> machine if you erased your /boot directory.
>
> 2) Another web page besides, Tom's Hardware Guide, that went even
> farther than Tom's Hardware Guide and said your machine could get
> bricked. However, that web page was very strident, written by people
> who appeared to be very litigious and paranoid, so I don't find it
> credible.
>
> I think your point is that on your machine, after September 25, when
> your Linux doesn't boot because the shim's key is expired, you can just
> power down the machine, power it back up, go into the "BIOS", and turn
> off Secure Boot. To the extent that this is true on every machine, my
> use of the word "brickage" was paranoia.
>
> But when it comes to UEFI, nothing bad would surprise me :-)
I have a Windows 7 laptop I have been unable to figure out how to shut
off secure boot in order to boot up a Linux installer.
I've tried using the BIOS but it appears to have been locked down with an
unkown password.
-- hendrik
More information about the GoLUG
mailing list