home.social

#secureboot — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #secureboot, aggregated by home.social.

  1. Well that UEFI CA rollover is already causing the first problems in my family's Windows systems! Here we have HP firmware duking it out with Windows Update. I love the cheery tone about "no further action required" — this laptop won't boot and needs a firmware update as well as a BitLocker recovery key. #secureboot #uefi #microsoft #hp

  4. The things you didn't even know you had to worry about. Watched an #ExplainingComputers video last night on "Secure Boot Certificate Expiry (Windows & Linux)". As best as I can tell, I should be okay since I don't have it active:

    bok@sqr128zena:~$ sudo mokutil --sb-state
    [sudo] password for bok:
    SecureBoot disabled
    Platform is in Setup Mode

    I hope so, since the update command fails:

    bok@sqr128zena:~$ sudo fwupdmgr update
    WARNING: UEFI capsule updates not available […]
    Devices with no available firmware updates:
    • SPCC M.2 SSD
    • UEFI dbx

    I'll see what happens in forty days:

    Microsoft Corporation Third Party Marketplace Root
     Validity
      Not Before: Jun 27 21:22:45 2011 GMT
      Not After : Jun 27 21:32:45 2026 GMT

    If my March 2015 NUC5i5RYK dies, I'll take it as a sign to upgrade. #Linux #SecureBoot

  9. After the April update, there is a new SecureBoot folder in the Windows directory. It is irrelevant for ordinary users - experts simply advise ignoring it. #Windows11 #Windows10 #SecureBoot #Update #Patchday winfuture.de/news,158751.html?

  14. Has anyone succeeded in booting a Debian system on a UEFI + Secure Boot host with an iSCSI network drive via iPXE?

    Having iPXE working with Secure Boot is okay, they have a signed shim.

    Using the `sanboot` directive gives me GRUB, as expected, and starts the kernel.
    But then the Linux kernel detects a Secure Boot violation and halts the boot process and the machine.

    #iPXE #SANBOOT #SecureBoot #Debian

  18. Mood : youtube.com/shorts/o56qL2t4swA

    Doing network booting (#DHCP, #TFTP, #iPXE, #UEFI, #SecureBoot)
    I haven't reached the “Oh, that's why” so far. But very annoyed

    ipxe.org/secboot
    “The Secure Boot shim (e.g. ipxe-shim.efi or snponly-shim.efi) will automatically load the iPXE binary with the corresponding name (e.g. ipxe.efi or snponly.efi).”
    Definitely not what's happening…
    So it kept loading the wrong iPXE firmware (not the snponly one) and I kept wondering why my keyboard wasn't working :<

  22. Microsoft Patches 138 Vulnerabilities, Including Critical DNS and Netlogon Flaws

    Microsoft just patched a critical DNS flaw that could let hackers execute code on your network, along with 137 other vulnerabilities - so make sure to update ASAP! The update also includes a mandatory rollout of updated Secure Boot certificates to keep your system secure.

    osintsights.com/microsoft-patc

    #WindowsDns #Cve202641096 #SecureBoot #Microsoft #PatchTuesday

  24. Now is a great time to ensure you've updated your #UEFI #Windows #SecureBoot Certificate Authority to the 2023 versions. The old keys from 2011 are set to expire in June 2026.

    Quoting Microsoft:

    "Devices that haven’t received the newer 2023 certificates will continue to start and operate normally, and standard Windows updates will continue to install. However, these devices will no longer be able to receive new security protections for the early boot process, including updates to Windows Boot Manager, Secure Boot databases, revocation lists, or mitigations for newly discovered boot level vulnerabilities.

    Over time, this limits the device’s protection against emerging threats and may affect scenarios that rely on Secure Boot trust, such as BitLocker hardening or third-party bootloaders. Most Windows devices will receive the updated certificates automatically, and many OEMs provide firmware updates when needed. Keeping your device current with these updates helps ensure it can continue receiving the full set of security protections that Secure Boot is designed to provide."

    support.microsoft.com/en-gb/to

  29. Part 2 of my graceful reboot series - a real-world use case: pushing Microsoft's 2026 Secure Boot certificate update via Intune Remediations, with a user-friendly reboot built in.

    dlvr.it/TSWSCn

    #Intune #SecureBoot #PowerShell

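  34. BitLocker encryption bypass tool debuts: Windows 11 devices compromised within 5 minutes
    Security research firm Intrinsec has released a tool called BitUnlocker which, without cracking the encryption, works against systems that have installed the latest […]
    #InformationSecurity #BitLocker #CVE-2025-48804 #Secure Boot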
    unwire.hk/2026/05/13/bitunlock