Tootfinder

Microsoft is automatically replacing Secure Boot certificates for older PCs before they expire later this year; Secure Boot was first introduced in 2011 (Jess Weatherbed/The Verge)
https://www.theverge.com/tech/876336/microsoft-windows-secure-boot-certi…

Microsoft has begun automatically replacing the original Secure Boot security certificates on Windows devices through regular monthly updates, a necessary move given that the 15-year-old certificates first issued in 2011 are set to expire between late June and October 2026.

I just discovered that Freebsd 14.3 won't boot on may newest machine - because Freebsd isn't sufficiently "Secure Boot" signed.
(Fedora Linux 43 booted up just fine.)
I would have thought that the Freebsd folks would have nudged a proper signing key out of Microsoft by now.
So to boot Freebsd (14.3) I had to disable Secure Boot in the Setup.

Sfruttare i bootloader firmati per aggirare UEFI Secure Boot
Il firmware delle schede madri per PC moderne segue le specifiche UEFI dal 2010. Nel 2013 è apparsa una nuova tecnologia chiamata Secure Boot, pensata per impedire l'installazione e l'esecuzione dei bootkit . Secure Boot impedisce l'esecuzione di codice di programma non firmato o non attendibile (programmi .efi e bootloader del sistema operativo, firmware hardware aggiuntivo come OPROM di schede video e schede di …

@… No tak, to jest ten moment, kiedy "no to zaczyna się" :D

Secure boot jest ustawiany dla Windowsa przez producenta, tutaj musimy samemu:
- wygenerować klucze
- wgrać klucze do uefi
- podpisać kernel/dracut

Ogólnie są to trzy komendy (plus wejście do uefi, żeby wpisać hasło), ale rozumiem, że nie wysłałbym …

I've ordered an eDP->HDMI adapter for my snapdragon laptop with dead screen; the firmware doesn't set up the HDMI output, and I've failed to get any Linux to boot - or at least if I have then I've not got any output on HDMI or serial or had much more progress visible anywhere - it's tricky because it probably needs secure boot disabling, but I can't see the BIOS to be able to do it. The adapter is due to be on a slow boat from Harbin; so it might take a while.

@… is secure boot disabled? Add a photo, if you like.

One machine decided literally today when booting that it's bit-defender key was invalidated and refused to boot.
I thought bit-defender was a password manager? No idea why the machine has decided secure boot changed and it needed this key which nobody has ever heard of, even me a computer professional.
I think maybe Bit Defender is a boot-disk encryption system not a password manager after all?
It suggests checking with your Microsoft account to get the key. Nobody thinks they have a microsoft account, even though they do. Nobody knows any passwords for them.
Password reset, sure, but nobody knows their email password either. They never use email.
Google once lied to them that their password was wrong, and made them change it. But banned them from changing it to any old one that they actually know. It must be a new one they don't know. They wrote some down, but probably these are old ones and there's several different ones written down.
We get through all that with recovery methods for email address, luckily one phone was still logged in to read a reset email.
This bit defender key is attached to the account and I have to hand-type a 32 digit number from one screen to another.
My god.
If you only have one computer, then fuck you I guess.

BananaFin, my mix of project Banana (immutable KDE/Aurora) and BlueFin, is reaching finalization.Tomorrow some more testing (have brew and flatpak install my own applications upon first boot), but it is all running very smoothly. Aside from this being my hobby as well, you'd just install this and get on with it. And yes, it's a bootc container, from the cloud, secure boot enabled and it runs flatpaks and systemd. And very well, thank you!

Fucking secure boot. This is the reason why hibernation is disabled on my laptop? Fucking great.

Rimetto nero su bianco una cosa detta e pensata anni fa.
E‘ una follia pensare che oggi compriamo dei PC ( Personal Computer ) che hanno serrature apribili esclusivamente da Microsoft.
Se fossero case sarebbe evidente quanto la cosa é grottesca!
Ah si siamo fortunati! A volte si possono cambiare le ‚serrature‘.
Ps. sto parlando di secure boot, e di come sia gestito il processo attualmente.
Per il mondo ‚mobile’ é ancora peggio. La serratura li proprio non la pu…

@…
Baseline secure boot support for installer and releases · Laptop Project Board
<