Conversation

Notices

1. muesli (fribbledom@mastodon.social)'s status on Saturday, 03-Sep-2022 10:21:10 UTC muesli

   If you dual boot Linux and Windows on your machine, be careful with the most recent Window updates!

   Microsoft disabled more than 100 SecureBoot signatures and locks out distros like Ubuntu 20.04 or Manjaro from booting on your computer.

   You can temporarily disable SecureBoot in your BIOS settings, should you already be affected by this situation.

   • CarbonCatalyst (carboncatalyst@mastodon.social)'s status on Saturday, 03-Sep-2022 10:41:04 UTC CarbonCatalyst

     in reply to

     • muesli

     @fribbledom I so don't regret, that my windows install now resides on my backup server as a compressed disk image...

   • Steinar Bang (steinarb@mastodon.social)'s status on Saturday, 03-Sep-2022 10:51:09 UTC Steinar Bang

     in reply to

     • muesli

     @fribbledom I knew it was a good idea to scrub windows completely! https://steinar.bang.priv.no/2022/07/31/installing-debian-11-bullseye-using-pxe-boot-on-an-acer-aspire-5-a515-45-laptop/

     Actually I didn't know... on previous laptops I almost never rebooted into windows anyway, so I just didn't want to waste the disk space this time around.

     Also, scrubbing windows would save me having to mess about with having to preserve and resize the windows partition(s)

   • Xerz! :blobcathearttrans: (xerz@fedi.xerz.one)'s status on Saturday, 03-Sep-2022 11:53:36 UTC Xerz! :blobcathearttrans:

     in reply to

     • muesli

     @fribbledom Source for this? The UEFI revocation list is hardcoded and the only thing I can find is these reported CVEs https://www.bleepingcomputer.com/news/security/microsoft-blocks-uefi-bootloaders-enabling-windows-secure-boot-bypass/

   • muesli (fribbledom@mastodon.social)'s status on Saturday, 03-Sep-2022 11:55:01 UTC muesli

     in reply to

     • Xerz! :blobcathearttrans:

     @xerz

     In German: https://www.heise.de/hintergrund/Bootloader-Signaturen-per-Update-zurueckgezogen-Microsoft-bootet-Linux-aus-7250544.html

   • muesli (fribbledom@mastodon.social)'s status on Saturday, 03-Sep-2022 12:56:08 UTC muesli

     in reply to

     • gudenau

     @gudenau

     I don't think it's just Microsoft. This probably goes all the way back to the 'Trusted Computing Platform Alliance' (TCPA) from 20 years ago.

     It's a consortium with dozens of members, including Microsoft, Intel, but also Red Hat and Meta.

   • gudenau (gudenau@mastodon.technology)'s status on Saturday, 03-Sep-2022 12:56:09 UTC gudenau

     in reply to

     • muesli

     @fribbledom Why is Microsoft the gatekeeper here? It has always been a conflict of interests.

   • Sten J. Pettersen (stenpett@mastodon.social)'s status on Sunday, 04-Sep-2022 08:44:39 UTC Sten J. Pettersen

     in reply to

     • muesli

     @fribbledom This is precisely why I have Windows and Linux on separate physical SSDs, and boot from my Linux disk.

     I used to boot from my Windows disk, but ever since Microsoft pushed an update that wiped my Linux partition, it's been two separate disks, and as far as Windows is concerned, that Linux disk doesn't exist...

   • muesli (fribbledom@mastodon.social)'s status on Sunday, 04-Sep-2022 10:44:32 UTC muesli

     in reply to

     • Sten J. Pettersen

     @stenpett

     Not the worst idea, but this actually doesn't help here: these signatures are not stored on disk, it's more like a BIOS update, where Microsoft updates the signatures of boot managers that are allowed to run on your machine.

   • Sten J. Pettersen (stenpett@mastodon.social)'s status on Sunday, 04-Sep-2022 10:47:38 UTC Sten J. Pettersen

     in reply to

     • muesli

     @fribbledom Yet another justification for disabling secure boot when I built the machine...