• Many old shim versions are still accepted by secure boot

    From LWN.net@1337:1/100 to All on Wed Jul 15 14:00:06 2026
    Many old shim versions are still accepted by secure boot

    Date:
    Wed, 15 Jul 2026 12:49:36 +0000

    Description:
    The CMU CERT Coordination Center has put out an advisory that many
    exploitable versions of the shim binary, used to boot Linux on systems with UEFI secure boot enabled, were never added to the revocation list. An
    attacker with administrative privileges or the ability to modify
    the boot process could use one of the vulnerable shim bootloaders
    to bypass Secure Boot protections and execute arbitrary code before
    the operating system loads. Code executed during this early boot
    phase may achieve persistent compromise of the platform, including
    the ability to load unsigned or malicious kernel components that
    can survive system reboots and, in some cases, operating system
    reinstallation. The advisory contains a list of vulnerable shims.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/1082940/


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)