They left out the steps to update it. I made a rough attempt at a document for this. [1] Please le...

Bender • yesterday at 7:56 PM • 2 replies • view on HN

They left out the steps to update it. I made a rough attempt at a document for this. [1] Please let me know if I missed a validation step. I have done this on six machines but they were all Linux. Not tested on BSD.

Archive [2] in the event I was too aggressive in blocking bots.

[Edit] I should also include this [3] thread for completeness sake. Some people people were playing with a shim work around but it looks like a lot of unnecessary complexity and fragility to me.

[1] - https://nochan.net/b/Internet-Crap/20260621-Update-Secure-Bo...

[2] - https://archive.is/ml3jv

[3] - https://www.reddit.com/r/archlinux/comments/1pvw6td/grub_shi...

Replies

0l • yesterday at 8:36 PM

FYI your server returns Brotli encoded content, even if the request has only Accept-Encoding: gzip, deflate, zstd - making it unreadable in for me (Firefox on Fedora).

➕ show 1 reply

Animats • yesterday at 8:14 PM

Found this on one machine. Key expires in 5 days. System runs Linux only and has never booted Windows, ever. Secure boot may be off.

    SHA1 Fingerprint: 46:de:f6:3b:5c:e6:1c:f8:ba:0d:e2:e6:63:9c:10:19:d0:ed:14:f3
    Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            61:08:d3:c4:00:00:00:00:00:04
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation Third Party Marketplace Root
        Validity
            Not Before: Jun 27 21:22:45 2011 GMT
            Not After : Jun 27 21:32:45 2026 GMT
        Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011

➕ show 1 reply

alt Hacker News

Replies