Sabotaging Linux on Behalf of Microsoft With UEFI 'Secure' Boot (De Facto Remote 'Kill Switch'), Then Defaming, Stalking and Harassing Critics of 'Secure' Boot for 12 Years, Then SLAPPing Their Spouses and Them
The sorts of stubborn lunatics we've been dealing with for 18 months (since February 2024)
Microsoft is very deep in debt. By the end of this week the latest figures will go public, revealing (albeit quietly) by how much that debt grew. See, Microsoft isn't selling much except buzzwords and hype (rebranding existing things as "hey hi", then claiming growth in "hey hi"). Sales of Windows are down ("licences" for use of Windows are not sales per se). There are no new products, just lots of shutdowns (even whole divisions and offices).
Quite frankly, contrary to what the media claims this week, Microsoft has serious problems.
Now they sabotage GNU/Linux some more and try to tell us, "this is OK!"
We said we'd bring up this topic at least once a week, hence this exception to the rule [1, 2].
Pointing to this journal, a reader quotes a comment about certificates in UEFI 'secure' boot poised to 'expire': "This should be on the front page. Can't you just roll the computer's clock back a few years before each boot up?"
People are very angry at enablers of this. One reader told us, "time to mention [insult omitted] matt and his [insult omitted] there with his role in deploying Microsoft shim in place of a platform independent solution which could have avoided vendor lock-in".
The said thread is dated Monday and it's entitled "Too Old For This Nonsense":
I need to slow down, to take some time off. My brain has melted. I'm a bit stuck with bootloaders. Since UEFI came along, it looks like you just need a file in the right directory called BOOT.X64 at the bare minimum to get something running. I need to install GRUB. Why do I need to do command-line-fu? Can I not just drop a binary into the right subdir and a .conf file?
Some years ago (about 7) I used the tools in ISOLINUX to boot a USB stick. Of course, I never wrote down what I did. That was on a UEFI system too.
I know that you sometimes need to register the bootloader with the firmware, in the menus, by browsing the filesystems and selecting the binary.
"Alternatively," said one comment jokingly, "give up Linux (and watch TikTok/YT or do whatever you enjoy)."
A later comment spoke of "UEFI and its time bomb payload", saying: "Wait. The best is yet to come."
Here is the explanation with a diverse set of press links:
The mini OS known as UEFI has more than bug doors and other problems: its payload of an expired key will raise its ugly head in September of this year. So unless you've gone through the trouble of making and self-signing your own keys, then restricted boot systems will cease to start at that time [tomshardware.com]. We were warned back in 2012 [archive.org]. In other words, a great many GNU/Linux desktop and laptop systems will expire soon [lwn.net], thanks to M$ payload in UEFI:
Linux users who have Secure Boot enabled on their systems knowingly or unknowingly rely on a key from Microsoft that is set to expire in September. After that point, Microsoft will no longer use that key to sign the shim first-stage UEFI bootloader that is used by Linux distributions to boot the kernel with Secure Boot. But the replacement key, which has been available since 2023, may not be installed on many systems; worse yet, it may require the hardware vendor to issue an update for the system firmware, which may or may not happen. It seems that the vast majority of systems will not be lost in the shuffle, but it may require extra work from distributors and users.
— Linux and Secure Boot certificate expiration [lwn.net]
So this is a problem for all of us to "look forward" to (like last August). Thanks, Microsoft. █

