Post AVVwnmSyKx8nAX3xL6 by js@mstdn.io
(DIR) Post #AVUI4u7yoZVMZgKXvE by mjg59@nondeterministic.computer
2023-05-09T18:59:37Z
0 likes, 0 repeats
Microsoft security update that blocks Black Lotus (and, incidentally, also blocks a *lot* of existing Windows boot media and recovery images - you do want to be careful in applying this, but I'm still kind of amazed this ended up being politically viable!) https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d
(DIR) Post #AVUIQJiirCNM1uj7vU by Rairii@haqueers.com
2023-05-09T19:03:44Z
0 likes, 0 repeats
@mjg59 same. i'd have thought i'd have been told in advance about this, too (i wasn't). and there's got to be some boot applications they missed. i'll check later (not at home right now)
(DIR) Post #AVUJAm0M1pj14b7sFk by mjg59@nondeterministic.computer
2023-05-09T19:11:49Z
0 likes, 0 repeats
@Rairii dbx revocation is purely of old bootloaders, for any that support policy management for boot apps they've just added a policy that prohibits loading *all* old boot apps
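As an added example (not code from this thread, from Microsoft or from LVFS), a small parser for the EFI_SIGNATURE_LIST format that dbx variables and uefi.org dbx updates use, so you can check whether a boot application's digest is on the revocation list before applying an update like this one. The list and the digests are constructed; it assumes you already have the image's Authenticode SHA-256 (what dbx stores), not a plain file hash.

```python
import hashlib
import struct
import uuid

# Signature-type GUIDs from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Placeholder SignatureOwner for the constructed entries (not a real owner GUID).
OWNER = uuid.UUID("00000000-0000-0000-0000-000000000000")


def parse_esl(blob: bytes):
    """Walk concatenated EFI_SIGNATURE_LIST records (a dbx variable is a sequence of them).

    Yields (signature_type, owner, data) for every EFI_SIGNATURE_DATA entry."""
    off = 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        if sig_size <= 16:  # each entry is a 16-byte owner GUID plus the signature data
            raise ValueError("bad SignatureSize")
        body = blob[off + 28 + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature array is not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):
            entry = body[i:i + sig_size]
            yield sig_type, uuid.UUID(bytes_le=entry[:16]), entry[16:]
        off += list_size


def revoked_hashes(blob: bytes) -> set:
    """SHA-256 Authenticode digests the list revokes; X.509 (certificate) entries are skipped."""
    return {data for t, _, data in parse_esl(blob) if t == EFI_CERT_SHA256_GUID}


def is_revoked(authenticode_sha256: bytes, blob: bytes) -> bool:
    return authenticode_sha256 in revoked_hashes(blob)


def build_sha256_list(hashes) -> bytes:
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries (used here only to construct sample data)."""
    sig_size = 16 + 32
    hdr = EFI_CERT_SHA256_GUID.bytes_le + struct.pack("<III", 28 + sig_size * len(hashes), 0, sig_size)
    return hdr + b"".join(OWNER.bytes_le + h for h in hashes)


# Constructed sample: fake "old boot manager" digests, not real dbx contents.
OLD_BOOTMGR_A = hashlib.sha256(b"constructed: bootmgfw.efi build A").digest()
OLD_BOOTMGR_B = hashlib.sha256(b"constructed: bootmgfw.efi build B").digest()
NEW_BOOTMGR = hashlib.sha256(b"constructed: bootmgfw.efi patched").digest()
SAMPLE_DBX = build_sha256_list([OLD_BOOTMGR_A, OLD_BOOTMGR_B])
```

Run `revoked_hashes()` over a real dbx update and compare it with the Authenticode digests of every .efi in the ESP and on recovery media to see what an update would block.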
(DIR) Post #AVUJXMUv1s1scoC3GK by Rairii@haqueers.com
2023-05-09T19:16:02Z
0 likes, 0 repeats
@mjg59 yeah i need to look at the cipolicy later and double check the hashes, i'm SURE there's some missing. thing is, there's a few boot environment quirks that may or may not have been considered too, i'll need to look further
(DIR) Post #AVUO9LpuKvGhOVNg9o by hughsie@mastodon.social
2023-05-09T20:07:38Z
0 likes, 0 repeats
@mjg59 I'm still not sure when to push the LVFS updates. We do check all the stuff in the ESP to make sure that nothing's going to get bricked, but that doesn't count recovery images...
(DIR) Post #AVUPPZeEqtieonDqJk by mjg59@nondeterministic.computer
2023-05-09T20:22:30Z
0 likes, 0 repeats
@hughsie Honestly I think lining up with the Microsoft schedule of 2024 makes sense, but doing something to enable manual updates for people who have this sort of thing as part of their threat model
(DIR) Post #AVUPZQLEJCYkqm1n16 by Foxboron@chaos.social
2023-05-09T20:23:47Z
0 likes, 0 repeats
@mjg59 @hughsie Right, but what happens if there are new revocations appended before 2024? The list would need to be manually managed and not the one as-is from uefi.org?
(DIR) Post #AVVE5K34EjCWJ8w7N2 by cking@mastodon.world
2023-05-10T05:50:25Z
0 likes, 0 repeats
@mjg59 it is still an incomplete patch, unfortunately https://mastodon.social/@never_released/110341145803408736
(DIR) Post #AVVwnmSyKx8nAX3xL6 by js@mstdn.io
2023-05-10T14:10:45Z
0 likes, 0 repeats
@mjg59 I'm glad they finally did it - way too late, but better late than never. I lost hope they'd ever do it.
(DIR) Post #AVW7UIeE4mmcgMEweu by shelldozer@oldbytes.space
2023-05-10T16:10:31Z
0 likes, 0 repeats
@mjg59 In addition: The “Create a recovery drive” functionality is not supported in the updates released on or after May 9, 2023, and cannot be used to restore devices with revocation enabled. We are working on a resolution and will provide an update in an upcoming release.