this post was submitted on 11 Feb 2026
37 points (100.0% liked)

Technology

6123 readers
431 users here now

Which posts fit here?

Anything that is at least tangentially connected to the technology, social media platforms, informational technologies and tech policy.

Post guidelines

[Opinion] prefixOpinion (op-ed) articles must use [Opinion] prefix before the title.

Rules

1. English onlyTitle and associated content has to be in English.
2. Use original linkPost URL should be the original link to the article (even if paywalled) and archived copies left in the body. It allows avoiding duplicate posts when cross-posting.
3. Respectful communicationAll communication has to be respectful of differing opinions, viewpoints, and experiences.
4. InclusivityEveryone is welcome here regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
5. Ad hominem attacksAny kind of personal attacks are expressly forbidden. If you can't argue your position without attacking a person's character, you already lost the argument.
6. Off-topic tangentsStay on topic. Keep it relevant.
7. Instance rules may applyIf something is not covered by community rules, but are against lemmy.zip instance rules, they will be enforced.

Companion communities

!globalnews@lemmy.zip
!interestingshare@lemmy.zip

Icon attribution | Banner attribution

If someone is interested in moderating this community, message @brikox@lemmy.zip.

founded 2 years ago
MODERATORS
BrikoX@lemmy.zip
37
Windows' original Secure Boot certificates expire in June—here's what you need to do (arstechnica.com)
submitted 6 days ago by BrikoX@lemmy.zip to c/technology@lemmy.zip
14 comments fedilink hide all child comments
 

PCs without the new certificates could eventually have trouble booting new OSes.

top 14 comments
sorted by: hot top controversial new old
[–] FarrellPerks@feddit.uk 21 points 6 days ago

Step 1 - Choose a Linux distro

[–] donald_von_shitsnpants@kopitalk.net 6 points 6 days ago (2 children)

Move to Linux

[–] Hirom@beehaw.org 5 points 6 days ago* (last edited 6 days ago) (1 children)

Would Linux have the same issue if secure boot is enabled and the certificate expire?

Secure boot is a useful security measure. But users should have the ability to install and update certs. If hardware (vendors) don't allow this, it's going to cause trouble for both Windows and Linux users.

[–] h_ramus@piefed.social 1 points 6 days ago (2 children)

Gives the illusion of security without being secure. Get the drive in a separate machine and, unless encrypted, secure boot is security theatre. Windows login password is similarly useless when the drive can be accessed when attached elsewhere.

Get rid of secure boot, install a granny-safe Linux distribution like Mint and get your drive LUKS encrypted.

[–] Hirom@beehaw.org 3 points 6 days ago (1 children)

You're talking of an attacker with physical access. This can indeed defeats secure boot, but physical access defeat most computer security. In an evil maid scenario even LUKS can be defeated. An attacker with physical access can clone the drive, install a keylogger (hardware or software) and capture the passphrase the next time the machine boots.

Secure Boot can be useful to prevent malware from inserting themselves into the boot process, preventing them from elevating privilege or gaining persistence https://www.xda-developers.com/secure-boot/

Secure Boot isn't perfect but it's widely available and is an useful extra layer of protection, on top of disk encryption (eg LUKS).

[–] h_ramus@piefed.social -2 points 6 days ago (1 children)

I can't take any Microsoft attempt at security seriously. One of the most important elements to improve security is to delete windows. Secure boot is lots of things but not secure.

[–] FreedomAdvocate@lemmy.net.au 1 points 5 days ago* (last edited 5 days ago)

These are all basically “if your machine is already compromised, they can also get around these other security measures” type exploits though, which are irrelevant.

[–] FreedomAdvocate@lemmy.net.au 1 points 5 days ago* (last edited 5 days ago)

Good thing windows encrypts your disk too.

Also if someone has physical access to your machine to do nefarious things tor you’re already fucked.

[–] FatVegan@leminal.space 1 points 6 days ago

But how are you gonna play High Guard???

[–] bonenode@piefed.social 2 points 6 days ago (1 children)

In all that mess and scare last year I just switched secure boot off. It still isn't clear to me how much of a risk it is, read many different opinions online, but seems not a terribly big risk and I don't have to worry about this crap.

[–] Goodlucksil@lemmy.dbzer0.com 3 points 6 days ago (1 children)

Secure boot is supposed to help against a malicious agent (e.g. the government, Microsoft) compromising your PC's security by accessing through another OS.

[–] Willoughby@piefed.world 5 points 6 days ago* (last edited 6 days ago) (1 children)

It wouldn't help anyway without encryption. Pull the drive and have a look.

Secure boot is supposed to continue your reliance on proprietary software, any security it tacks on is unintentional.

[–] FreedomAdvocate@lemmy.net.au 1 points 5 days ago

Windows computers have been encrypting drives for years.

[–] FreedomAdvocate@lemmy.net.au 1 points 5 days ago

Tl;dr - if you’ve used the computer in the last few years, you’re fine.

If you haven’t, then it on and run Windows update and/or update everything in the windows store by June.

If you do none of that….. doesn’t really matter, your computer will still work as expected.