🥩🥩New Blog from Mr T-Bone: Update Secure Boot Certificate by using Intune Remediation
Don’t let Secure Boot catch you off guard! Learn to update certificates with Intune – easy & secure! MrTbone_se
#Intune #SecureBoot #MVPBuzz #MrTboneBlog
👉👉 https://www.tbone.se/2026/01/09/update-secure-boot-certificate-by-using-intune-remediation/
Cachy os server ... coool i will never install this crap on my server without secureboot, server are one of the most critical infrastructure, exposed extensively to attack no secureboot = no installation.
Any amount of BS will not change this simple and easy to understand fact.
Server must be protected, not exposed to malware that where made a nightmare to develop with the help of secureboot.
Yup, definitely spicy...
It works with just power connected, but since the BIOS battery is dead and I can't replace it, it always restores the default settings, which enables secure boot again, which is dumb.
Perhaps I can find a #Linux Distro that works with #SecureBoot, but not sure yet.
RE: https://bsky.app/profile/did:plc:4nz4j7p3icydlttmfvbgff2o/post/3mbwbaav7z22x
I unknowingly lied about having finished my Fedora setup on my work laptop. I forgot about OBS and the DroidCam plugin for it. It was a pain in the butt until I figured out that the v4l2loopback module wasn’t loaded due to secure boot being enabled (which is weird to me since it didn’t make any problems on my desktop)
Ubuntu boot manager does not open Windows 11 #boot #dualboot #secureboot #windows11
Ubuntu boot manager does not open Windows #boot #dualboot #secureboot #windows11
OK so apart from breaking things when I converted the partition table from MBR to GPT, switching my #Debian laptop over to #UEFI booting went pretty well.
I shaved 200MB off the 1GB /boot partition to create space for an EFI partition, and installed grub-efi-amd64-signed, then ran grub-install. Now I have UEFI and #SecureBoot working!
$ sudo mokutil --sb-state
SecureBoot enabled
On its own it's not much but it feels like an achievement.
Must remember that SystemRescueCD isn't good at networking...
Of Boot Vectors and Double Glitches: Bypassing RP2350's Secure Boot
https://streaming.media.ccc.de/39c3/relive/2149
#HackerNews #BootVectors #DoubleGlitches #SecureBoot #RP2350 #CyberSecurity #Hacking
The following hashtags are trending across South African Mastodon instances:
#battlestargalactica
#merrychristmas
#bios
#secureboot
#diy
Based on recent posts made by non-automated accounts. Posts with more boosts, favourites, and replies are weighted higher.
The following hashtags are trending across South African Mastodon instances:
#books
#amreading
#christmas
#Wordle
#wordle1653
#merrychristmas
#bios
#secureboot
#quotes
#forgiveness
Based on recent posts made by non-automated accounts. Posts with more boosts, favourites, and replies are weighted higher.
Due to my setting Secure Boot mode in my BIOS to "Windows" rather than "Other OS," Windows encrypted both my boot drive and my RAID without my asking, and it broke the "Windows Activation," too. I could not switch Secure Boot back to "Other OS" without losing access to my hard disks. "Turn off BitLocker" on the RAID drive has been running for a couple of hours so far, with no indication of when it will finish.
Local Attack: A local attacker with sufficient privileges can modify EFI Variables or the EFI partition using a live Linux USB to alter the boot order and load a compromised shim, executing privileged code without disabling Secure Boot."
#secureboot #ossec #netboot
https://www.reddit.com/r/linux/comments/1al8mad/critical_shim_bootloader_flaw_leaves_all_linux/
Moved the workstation CPU/RAM/disk/GPU to the motherboard previously used for the #proxmox server. Now it’s in a (nice) case instead of a bench 😅
Manage to do all the changes without breaking #SecureBoot once 🙂
I was a bit scared because after the change I had some instabilities (lockups, failure to boot), turns out, I can’t use XMP with the RAM and motherboard combination 🤷♂️
Unfortunately, I can’t yet bring the proxmox machine back up, as the PSU does not fit in the (new) case I have for it 🤦♂️
Dual boot Windows11/Ubuntu 25.10 Desktop or Ubuntu 24.04 Desktop with Secure Boot #dualboot #systeminstallation #secureboot
Is your team interested in #UEFI Secure Boot and Intel Root of Trust? Do you want to understand how they actually work in real systems, and how they are attacked and defended in practice? Join our advanced hands-on training based on workshops already delivered to engineering and security teams, covering UEFI #SecureBoot internals, UEFI variables, and real-world vulnerabilities such as #BootHole, #BitPixie, recent #GRUB2 CVEs, and Intel Root of Trust weaknesses.
FreeBSD, Debian и Secure Boot
В этом руководстве описывается процесс настройки FreeBSD 15 для работы в режиме Secure Boot. Создадим Machine Owner Key, установим его в UEFI, подпишем загрузчик. Secure Boot: [ ON ]
@duxsco Für alle, die nach Quellen gefragt haben, wohin die Reise bei Secure Boot / TPM / Pluton geht – hier eine kleine, gut belegte Auswahl:
Microsoft Pluton Sicherheitsprozessor (offizielle Doku)
https://learn.microsoft.com/de-de/windows/security/hardware-security/pluton/microsoft-pluton-security-processor
Heise: Microsofts Sicherheitscontroller Pluton kommt auch in Intel-CPUs
https://www.heise.de/news/Microsoft-Sicherheitscontroller-Pluton-kommt-auch-in-Intel-Core-9833911.html
UEFI / Secure Boot – Kritik und Geschichte
https://en.wikipedia.org/wiki/UEFI#Criticism
Secure Boot – Hintergrund (Wikipedia)
https://en.wikipedia.org/wiki/UEFI
TPM & Secure Boot – Ängste, Zweifel und Kritik (deutsch)
https://curius.de/2022/02/kollektive-vorbehalte-gegen-tpm-und-secure-boot-aengste-unsicherheit-und-zweifel/
Niemand behauptet, Secure Boot sei per se böse.
Die Frage ist, wer langfristig die Root-Keys und die Policy kontrolliert.
Sicherheit ohne Nutzersouveränität ist Policy Enforcement.
#SecureBoot #TPM #Pluton #DigitaleSouveränität #OpenSource #Linux #VendorLockIn #ITSecurity
@IncredibleLaser The #TLS analogy doesn’t hold:
TLS is a #protocol where I can run my own #CA, replace trust anchors, or opt out entirely.
#SecureBoot is part of a platform-wide chain of trust.
The problem isn’t Secure Boot per se. It’s that the root of trust is moving away from the user!!!
With Secured-Core PCs, Pluton, OEM firmware policies and enforced updates, the “platform owner” increasingly becomes the vendor, not the person managing the device.
Once Secure Boot is no longer fully disable-able and keys are fused or policy-enforced, custom keys stop being a right and become an exception :blobcatangery:
Apple already shows where this leads: security as control, not choice 😩
🧵 Follow-post: Why Secure Boot / Secured-Core ≠ Security
Why Secure Boot / “Secured-Core PCs” are not real security
Secure Boot only verifies who signed the bootloader — not whether the system is secure.
It protects the boot path, not the running system.
Malware, rootkits and exploits are injected after boot:
via browsers, drivers, kernel bugs, supply-chain attacks.
Secure Boot does nothing against that.
With TPM / Pluton, trust is anchored in hardware controlled by vendors, not users.
If you don’t control the root keys, you don’t control the system.
Keys can be revoked. Firmware can be updated remotely.
Suddenly, software that used to run on your own hardware no longer does.
That’s not security — that’s policy enforcement.
#SecureBoot #SecuredCore #TPM #Pluton #OpenSource #Linux
#DigitalSovereignty #VendorLockIn #ITSecurity #Firmware
