Linux

9545 readers

378 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago

MODERATORS

Ategon@programming.dev

anzo@programming.dev

dwraf_of_ignorance@programming.dev

Linux and Secure Boot certificate expiration (lwn.net)

submitted 2 months ago by cm0002@programming.dev to c/linux@programming.dev

21 comments fedilink hide all child comments

Linux users who have Secure Boot enabled on their systems knowingly or unknowingly rely on a key from Microsoft that is set to expire in September. After that point, Microsoft will no longer use that key to sign the shim first-stage UEFI bootloader that is used by Linux distributions to boot the kernel with Secure Boot. But the replacement key, which has been available since 2023, may not be installed on many systems; worse yet, it may require the hardware vendor to issue an update for the system firmware, which may or may not happen. It seems that the vast majority of systems will not be lost in the shuffle, but it may require extra work from distributors and users.

you are viewing a single comment's thread
view the rest of the comments

[–] 9tr6gyp3@lemmy.world 1 points 2 months ago* (last edited 2 months ago) (1 children)

Generally, motherboard manufacturers source their components from other companies. They do not manufacture the entire board themselves. This includes CPUs, Wifi cards, USB controllers, bluetooth, audio, display controllers, etc. Each and every one of them create new products, maintain their own firmware for all those new products, and push updates to the motherboard manufacturers when there are updates.

Coreboot/libreboot do not update those components themselves. They also must be provided that source code.

Just for coreboot alone, the last release had more than 120 contributors push over 900 commits. One person is not able to maintain that piece of software, as it is an enormous task.

[+] bacon_pdp@lemmy.world 2 points 2 months ago (1 children)

[deleted]

[–] 9tr6gyp3@lemmy.world 0 points 2 months ago (1 children)

Even if the code is there, you will need someone to maintain that code. Easier or not, even in a git repository, those individual components will eventually not have the support necessary to patch it.

If an eight year old usb controller has flaws, and the manufacturer is not maintaining that git repository anymore because they cannot possibly afford to hire someone to look at that code after so long, then it is going to keep those flaws. It wont matter if that code is proprietary or open source and included in coreboot. Its just simply not feasible to support hardware properly once most of the world has moved on to other products.