lingo.lol is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for linguists, philologists, and other lovers of languages.

Server stats:

64
active users

#secureboot

0 posts0 participants0 posts today
heise Security<p>Vorbereiten auf Einschlag: Microsoft warnt vor Secure-Boot-Zertifikat-Update</p><p>"Bereite dich auf das erste globale, großflächige Secure-Boot-Zertifikat-Update vor", warnt Microsoft. Nicht nur Windows ist betroffen.</p><p><a href="https://www.heise.de/news/Vorbereiten-auf-Einschlag-Microsoft-warnt-vor-Secure-Boot-Zertifikat-Update-10461866.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/news/Vorbereiten-auf-</span><span class="invisible">Einschlag-Microsoft-warnt-vor-Secure-Boot-Zertifikat-Update-10461866.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/IT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IT</span></a> <a href="https://social.heise.de/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://social.heise.de/tags/macOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>macOS</span></a> <a href="https://social.heise.de/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> <a href="https://social.heise.de/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a> <span class="h-card" translate="no"><a href="https://feddit.org/c/de_edv" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>de_edv</span></a></span></p>
openSUSE Linux<p>Unified <a href="https://fosstodon.org/tags/Kernel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kernel</span></a> Images in <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openSUSE</span></a>: stronger boot, simplified structure. 🔐 Register for the <a href="https://fosstodon.org/tags/openSUSE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openSUSE</span></a> Conference and <a href="https://fosstodon.org/tags/learn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>learn</span></a> more. <a href="https://fosstodon.org/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a> <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://events.opensuse.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">events.opensuse.org/</span><span class="invisible"></span></a></p>
TechnoTenshi :verified_trans: :Fire_Lesbian:<p>Another major Secure Boot bypass (CVE-2025-3052) affects UEFI devices, letting attackers run unsigned code during boot via unsafe NVRAM variable handling. Microsoft’s Patch Tuesday adds 14 new dbx hashes to mitigate. </p><p><a href="https://www.binarly.io/blog/another-crack-in-the-chain-of-trust" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">binarly.io/blog/another-crack-</span><span class="invisible">in-the-chain-of-trust</span></a></p><p><a href="https://infosec.exchange/tags/UEFI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UEFI</span></a> <a href="https://infosec.exchange/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a> <a href="https://infosec.exchange/tags/SupplyChain" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SupplyChain</span></a> <a href="https://infosec.exchange/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://cloudisland.nz/@aurynn" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aurynn</span></a></span> the problem is that <a href="https://infosec.space/tags/vendors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vendors</span></a> have neither interest nor incentive to work with 3rd party <a href="https://infosec.space/tags/ROMs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ROMs</span></a> like <span class="h-card" translate="no"><a href="https://fosstodon.org/@LineageOS" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>LineageOS</span></a></span> nor <span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>GrapheneOS</span></a></span>.</p><ul><li>If it was my decision there would be a legal <a href="https://infosec.space/tags/mandate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mandate</span></a> to <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://infosec.space/tags/Firmware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Firmware</span></a>, <a href="https://infosec.space/tags/Hardware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hardware</span></a> and release the <a href="https://infosec.space/tags/keys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>keys</span></a> for any <em>"<a href="https://infosec.space/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a>"</em> mechanism once a <a href="https://infosec.space/tags/device" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>device</span></a> doesn't get first party updates that are less than a week old, but that would require <span class="h-card" translate="no"><a href="https://ec.social-network.europa.eu/@EUCommission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EUCommission</span></a></span>, <span class="h-card" translate="no"><a href="https://respublicae.eu/@europarl_en" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>europarl_en</span></a></span> and/or <span class="h-card" translate="no"><a href="https://social.bund.de/@Bundesregierung" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Bundesregierung</span></a></span> to care and be willing to enforce that!</li></ul>
neatchee<p>This was a fascinating read <a href="https://neodyme.io/en/blog/bitlocker_screwed_without_a_screwdriver/#teaser" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">neodyme.io/en/blog/bitlocker_s</span><span class="invisible">crewed_without_a_screwdriver/#teaser</span></a></p><p><a href="https://urusai.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://urusai.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://urusai.social/tags/itsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itsec</span></a> <a href="https://urusai.social/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a></p>
Tommi Nieminen<p>This is worse than it seemed at first. Even though <a href="https://mastodontti.fi/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a> is *disabled* in <a href="https://mastodontti.fi/tags/BIOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BIOS</span></a>, the <a href="https://mastodontti.fi/tags/MOK" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MOK</span></a> volume is still full and one cannot boot SecureBoot-aware systems. I *could* boot with a <a href="https://mastodontti.fi/tags/SystemRescue" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SystemRescue</span></a> stick, but not with <a href="https://mastodontti.fi/tags/openSUSE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openSUSE</span></a> <a href="https://mastodontti.fi/tags/Tumbleweed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tumbleweed</span></a> or <a href="https://mastodontti.fi/tags/Leap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Leap</span></a> installation images.</p><p>Quick googling seemed to point to resetting the key storage to factory defaults, so I did that. Now Leap installation is safely under way.</p>
Tommi Nieminen<p>Äh, <a href="https://mastodontti.fi/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a> my arse… <a href="https://mastodontti.fi/tags/openSUSETumbleweed" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>openSUSETumbleweed</span></a>'in päivitys aiheutti, ettei <a href="https://mastodontti.fi/tags/kannettava" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kannettava</span></a> käynnisty lainkaan. ”Could not create MOKListRT”, koska ”Volume full”. Enkä edes tarvitsisi SecureBootia vaan jättänyt sen vain, kun ei siitä (yleensä) ole haittaakaan ollut. Koko kone asennettava ilmeisesti alusta. <a href="https://mastodontti.fi/tags/atkjuttuja" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>atkjuttuja</span></a> <a href="https://mastodontti.fi/tags/miehenel%C3%A4m%C3%A4%C3%A4" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>miehenelämää</span></a></p>
Arg à meudon<p>Secure Boot: ✓ Enabled</p><p>Thanks Lanzaboote!<br>(<a href="https://github.com/nix-community/lanzaboote" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/nix-community/lanza</span><span class="invisible">boote</span></a>)</p><p><a href="https://todon.eu/tags/Nixos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nixos</span></a> <a href="https://todon.eu/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a></p>
DansLeRuSH ᴱᶰ<p><a href="https://floss.social/tags/Bootkitty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bootkitty</span></a> : Analyzing the first <a href="https://floss.social/tags/UEFI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UEFI</span></a> bootkit for <a href="https://floss.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> </p><p>« ESET researchers analyze the first UEFI bootkit designed for Linux systems » by Martin Smolár and Peter Strýček</p><p>› <a href="https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">welivesecurity.com/en/eset-res</span><span class="invisible">earch/bootkitty-analyzing-first-uefi-bootkit-linux/</span></a></p><p><a href="https://floss.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://floss.social/tags/bootkit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>bootkit</span></a> <a href="https://floss.social/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a></p>
heise online English<p>UEFI bootkit "Bootkitty" for Linux is a university project from South Korea</p><p>Several security researchers have examined the prototype and made interesting findings. Bootkitty also uses the LogoFail bug to bypass Secure Boot.</p><p><a href="https://www.heise.de/en/news/UEFI-bootkit-Bootkitty-for-Linux-is-a-university-project-from-South-Korea-10186510.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">heise.de/en/news/UEFI-bootkit-</span><span class="invisible">Bootkitty-for-Linux-is-a-university-project-from-South-Korea-10186510.html?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&amp;utm_source=mastodon</span></a></p><p><a href="https://social.heise.de/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> <a href="https://social.heise.de/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a> <a href="https://social.heise.de/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> <a href="https://social.heise.de/tags/UEFI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UEFI</span></a> <a href="https://social.heise.de/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>news</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://transfem.social/@puppygirlhornypost2" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>puppygirlhornypost2</span></a></span> <span class="h-card" translate="no"><a href="https://social.vlhl.dev/users/navi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>navi</span></a></span> <em>nodds in agreement</em> the entire <a href="https://infosec.space/tags/CensorBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CensorBoot</span></a>-Stack is literally done to maximize pain and frustration, brick <a href="https://infosec.space/tags/DualBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DualBoot</span></a> / <a href="https://infosec.space/tags/MultiBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MultiBoot</span></a> setups and is by <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a>'s <a href="https://www.youtube.com/watch?v=U7VwtOrwceo&amp;t=11m10s" rel="nofollow noopener noreferrer" target="_blank">own admission inherently &amp; unfixably insecure</a>.</p><ul><li>As can be seen by the fact that they literally didn't even bother with <em>"<a href="https://infosec.space/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a>"</em> on the <a href="https://infosec.space/tags/XboxOne" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XboxOne</span></a> which remains uncracked to this day...</li></ul>
David Sardari<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@Gentoo_eV" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Gentoo_eV</span></a></span> Given that I get a KVM console in time, I will demonstrate my installation guide (<a href="https://gentoo.duxsco.de/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gentoo.duxsco.de/</span><span class="invisible"></span></a>) in English using a <a href="https://fedifreu.de/tags/Hetzner" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Hetzner</span></a> dedicated server.</p><ul><li><strong>What?</strong> <em>Beyond Secure Boot – Measured Boot on Gentoo Linux?</em></li><li><strong>When?</strong> Saturday, 2024-10-19 at 18:00 UTC (20:00 CEST)</li><li><strong>Where?</strong> Video call via BigBlueButton: <a href="https://bbb.gentoo-ev.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">bbb.gentoo-ev.org/</span><span class="invisible"></span></a></li></ul><p>The final setup will feature:</p><ul><li><a href="https://fedifreu.de/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a>: All EFI binaries and unified kernel images are signed.</li><li><a href="https://fedifreu.de/tags/MeasuredBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MeasuredBoot</span></a>: <a href="https://fedifreu.de/tags/clevis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>clevis</span></a> and <a href="https://fedifreu.de/tags/tang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tang</span></a> will be used to check the system for manipulations via <a href="https://fedifreu.de/tags/TPM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TPM</span></a> 2.0 PCRs and for remote LUKS unlock (you don't need tty).</li><li>Fully encrypted: Except for ESPs, all partitions are <a href="https://fedifreu.de/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LUKS</span></a> encrypted.</li><li><a href="https://fedifreu.de/tags/RAID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAID</span></a>: Except for ESPs, <a href="https://fedifreu.de/tags/btrfs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>btrfs</span></a> and <a href="https://fedifreu.de/tags/mdadm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mdadm</span></a> based <a href="https://fedifreu.de/tags/RAID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RAID</span></a> are used for all partitions.</li><li>Rescue System: A customised <a href="https://fedifreu.de/tags/SystemRescue" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SystemRescue</span></a> (<a href="https://www.system-rescue.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">system-rescue.org/</span><span class="invisible"></span></a>) supports SSH logins and provides a convenient chroot.sh script.</li><li>Hardened <a href="https://fedifreu.de/tags/Gentoo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Gentoo</span></a> <a href="https://fedifreu.de/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> for a highly secure, high stability production environment.</li><li>If enough time is left at the end, <a href="https://fedifreu.de/tags/SELinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SELinux</span></a> which provides Mandatory Access Control using type enforcement and role-based access control</li></ul>
David Sardari<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@Gentoo_eV" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Gentoo_eV</span></a></span> I linked your announcement at the top of every page at:<br><a href="https://gentoo.duxsco.de/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">gentoo.duxsco.de/</span><span class="invisible"></span></a></p><p><a href="https://fedifreu.de/tags/gentoo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gentoo</span></a> <a href="https://fedifreu.de/tags/measuredboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>measuredboot</span></a> <a href="https://fedifreu.de/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a> <a href="https://fedifreu.de/tags/systemrescue" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>systemrescue</span></a></p>
Avoid the Hack! :donor:<p>Not sure if anyone else has mentioned this, but wanted to add a specific data point to the <a href="https://infosec.exchange/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> and <a href="https://infosec.exchange/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> dualboot problem: it affects USB installs too. Makes sense it covers all bootable media, but experiencing it firsthand kind of sucked. Kind of a doh moment. :ablobcatgoogly:</p><p>I have live <a href="https://infosec.exchange/tags/Kali" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Kali</span></a> and <a href="https://infosec.exchange/tags/tails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tails</span></a> sticks that won’t boot on the Windows machine (get the SBAT error).</p><p>Disabling Secure Boot allows it to boot (naturally, it will also boot if I plug it into my Linux machine). The temporary fix from <a href="https://infosec.exchange/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Microsoft</span></a> does work. As a note for TAILS users, you can’t run mokutils as sudo (which is needed) unless you enable setting administrator password on boot. </p><p><a href="https://infosec.exchange/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a></p>
jbz<p>🔐 Secure Boot is completely broken on 200+ models from 5 big device makers <br>— Ars Technica </p><p>「 In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key, the cryptographic key that forms the root-of-trust anchor between the hardware device and the firmware that runs on it 」</p><p><a href="https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/</span></a></p><p><a href="https://indieweb.social/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a> <a href="https://indieweb.social/tags/uefi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uefi</span></a> <a href="https://indieweb.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
Gabriele Svelto<p>I've found a lot of conflicting and confusing reports about the <a href="https://fosstodon.org/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a> issue caused by a Microsoft update, so here's my relatively informed take about it.</p><p>Spoilers: this isn't an issue with GRUB, but with another less known bootloader called shim. GRUB can also be affected though. So let's talk about how the bootchain of a <a href="https://fosstodon.org/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> distro works and what happened to it. 🧵 1/11</p>
alios<p>Sich auf Crypto Keys verlassen die unter andere Leute kontrolle sind ist doof, weil wenn die kompromittiert werden bekommst Du es ggf nicht mit und hast verloren: "An unlimited Secure Boot bypass, more then 200 mainboards affected."</p><p><a href="https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/</span></a></p><p><a href="https://chaos.social/tags/uefi" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>uefi</span></a> <a href="https://chaos.social/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a> <a href="https://chaos.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a></p>
Richi Jennings<p>Hundreds of PC models from vendors such as HP, Lenovo, Dell, Intel, Acer and Gigabyte shipped with useless boot protection—using private keys that aren’t private.</p><p><a href="https://vmst.io/tags/SecureBoot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SecureBoot</span></a> is completely broken, scream the headlines. Why? A team of researchers from Santa Monica have found countless flaws in the way major PC vendors manage the <a href="https://vmst.io/tags/crypto" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>crypto</span></a> keys that keep your PC’s boot process trustworthy. And the problem started at least 12 years ago.</p><p>The researchers are calling it <a href="https://vmst.io/tags/PKfail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PKfail</span></a>. In <a href="https://vmst.io/tags/SBBlogwatch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SBBlogwatch</span></a>, we scramble to rotate our keys. At @TechstrongGroup​’s @SecurityBlvd: <a href="https://securityboulevard.com/2024/07/pkfail-secure-boot-broken-richixbw/?utm_source=richisoc&amp;utm_medium=social&amp;utm_content=richisoc&amp;utm_campaign=richisoc" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityboulevard.com/2024/07/</span><span class="invisible">pkfail-secure-boot-broken-richixbw/?utm_source=richisoc&amp;utm_medium=social&amp;utm_content=richisoc&amp;utm_campaign=richisoc</span></a></p>
Hans-Cees 🍋🌲🦔🦦🐝🦋🐛🚅🇸🇳🇵🇾🇹🇬🇹🇲<p><span class="h-card" translate="no"><a href="https://mstdn.social/@knittingknots2" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>knittingknots2</span></a></span> In a public GitHub repository committed in December of that year, someone working for multiple US-based device manufacturers published what’s known as a platform key<br><a href="https://mas.to/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>infosec</span></a> <a href="https://mas.to/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a> <a href="https://mas.to/tags/securitybooted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securitybooted</span></a></p>
Alexandre Borges<p>Secure Boot is completely broken on 200+ models from 5 big device makers:</p><p><a href="https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">arstechnica.com/security/2024/</span><span class="invisible">07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/</span></a></p><p><a href="https://mastodon.social/tags/secureboot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>secureboot</span></a> <a href="https://mastodon.social/tags/informationsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>informationsecurity</span></a> <a href="https://mastodon.social/tags/platformsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>platformsecurity</span></a> <a href="https://mastodon.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.social/tags/aer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>aer</span></a> <a href="https://mastodon.social/tags/dell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dell</span></a> <a href="https://mastodon.social/tags/gigabyte" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gigabyte</span></a> <a href="https://mastodon.social/tags/intel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>intel</span></a> <a href="https://mastodon.social/tags/supermicro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>supermicro</span></a> <a href="https://mastodon.social/tags/threathunting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threathunting</span></a></p>