Tux Machines

Do you waddle the waddle?

Other Sites

Ubuntu Buzz !

Find and Replace - a Firefox Addon So Useful for Online Text Editing

Tor Project blog

New Alpha Release: Tor Browser 15.0a2

This version includes important security updates to Firefox.

9to5Linux

New GIMP 3.2 Development Release Brings Link Layers and Vector Layers

It’s been more than two months since the previous development release, and the new GIMP 3.2 development release brings even more goodies, including support for link layers and vector layers for non-destructive editing. While link layers allow you to link external image files as a layer in your project, vector layers let you create a shape and set its fill and stroke properties.

First Arch Linux ISO Powered by Linux Kernel 6.16 Is Now Available for Download

Arch Linux 2025.09.01 is out today as the first Arch Linux ISO release to be powered by Linux kernel 6.16, which should give users a boost when detecting hardware, especially on newer devices, but especially on older ones where previous Arch Linux ISOs failed to detect some of the components.

9to5Linux Weekly Roundup: August 31st, 2025

I would like to thank everyone who sent us donations; your generosity is greatly appreciated. I also want to thank all of you for your continued support by commenting, liking, sharing, and boosting the articles, following us on social media, and, last but not least, sending us feedback.

AerynOS 2025.08 Released with GNOME 48.4 and Mesa 25.2, KDE Plasma Support

While still in alpha stage, AerynOS 2025.08 brings some updated components, including the latest GNOME 48.4 desktop environment, which is still the default for the live ISO. If you don’t like GNOME, you can install AerynOS with the latest KDE Plasma 6.4 desktop environment or with System76’s Cosmic Alpha 7.

LinuxGizmos.com

AAEON UP Rolls Out Linux-Ready Intel Development Kits for Edge AI

The UP TWL AI Dev Kit is offered as a cost-efficient platform for power-sensitive projects. It is powered by the Intel Processor N150 (Twin Lake) and emphasizes accessibility for early-stage experimentation and lightweight applications.

Platypus PP-Ethernet-RS422/485 with Raspberry Pi RP2040 and W5500 for Serial-to-Ethernet Conversion

The RP2040 provides dual Arm Cortex-M0+ processors with 264 KB of SRAM, while the W5500 manages the TCP/IP stack in hardware, simplifying design and ensuring stable Ethernet operation.

Nordic nRF54L15 Connect Kit Adds Bluetooth LE 6.0, Thread, Zigbee and NFC Support

The kit is based on the nRF54L15-QFAA, which integrates a 128 MHz Arm Cortex-M33 processor and a 128 MHz RISC-V coprocessor. It includes 1.5 MB of non-volatile memory and 256 KB of RAM. Wireless support covers Bluetooth LE 6.0, Thread, Matter, Zigbee, NFC, IEEE 802.15.4-2020 and proprietary 2.4 GHz protocols.

Shuttle XPC slim DH810 Rugged Mini PC with Intel Core Ultra 200 Support

Processor support extends to Core Ultra 9, 7, and 5 models with integrated Intel Xe graphics. HDMI 2.1 provides 8K/60 Hz output, DisplayPort 1.4a supports 4K/60 Hz, and USB-C with DisplayPort/USB4 enables a third independent display. An optional VGA connector can replace one COM port for legacy compatibility.

Banana Pi BPI-F5 Adopts Allwinner T527 SoC in Credit-Card Sized SBC

The Allwinner T527 has been seen in recent products this year such as the Cubie A5E and the Orange Pi 4A. This SoC combines an octa-core Cortex-A55 cluster in a DynamIQ big.LITTLE configuration clocked up to 1.8 GHz.

MINIX Expands Elite Series with EU512-AI Mini PC Based on Intel Core Ultra 5 125H

This system is functionally identical to the MINIX Elite EU715-AI introduced in April, except that it features the Intel Core Ultra 5 Processor 125H, a 64-bit chip combining CPU cores, integrated Intel Arc graphics, and a Neural Processing Unit.

original

Disable "SecureBoot" Now

posted by Roy Schestowitz on Sep 02, 2025,
updated Sep 02, 2025

An old alarm clock from days gone by on a white background, clipart

Crossposted from Techrights

In Part I we introduced the issues in simple terms, in Part II we focused on the attacks on people who merely talked about these issues, Part III primarily tied things together, and Part IV named some of the culprits, which are not limited to Microsoft. IBM/Red Hat also played and still plays a role.

A few years ago Hack-a-day wrote about the blackbox at the heart of all this. It's basically proprietary code that you cannot audit or change to solve issues. Quoting the site: "The biggest complaint with UEFI is that it is a closed black box with unimaginable access to your computer and stays resident after the computer boots. BIOS is appealing since the interface is well-known and generally is non-resident. UEFI can be updated easier but also has a much more vital need for updates. A UEFI update can brick your system entirely. It will not boot, and due to the fuses being blown on the unit, it is almost physically impossible to fix it, even for the manufacturer. Significant amounts of testing go into these updates, but most are hesitant to push many updates because of the amount of work required."

Notice how they didn't warn about the certificate's expiration and some projects are calling all their keys "certificates" (certificates are keys signed by other keys). As Wikipedia puts it: "The certificate includes the public key and information about it, information about the identity of its owner (called the subject)..."

Further down it it says: "Certificate authorities are also responsible for maintaining up-to-date revocation information about certificates they have issued, indicating whether certificates are still valid. They provide this information through Online Certificate Status Protocol (OCSP) and/or Certificate Revocation Lists (CRLs)."

Now consider this comment from LWN: "I have (not so) fond memories of old BIOS systems where removing the battery would reset both the settings and clock. I'm not sure if this is still a thing. Does Secure Boot prevent an attacker from turning the clock back; is there maybe some internal clock that cannot be tampered with? Can one not boot a system the firmware accepts today, reset this firmware clock, and then merrily go on to boot payloads signed with the expired key? Some embedded systems burn fuses to prevent firmware rollbacks, but that's based on version numbers of a fixed boot chain, instead of certificates that might sign arbitrary payloads. I can't see how this sort of hard anti-rollback would work for secure boot, but I'm not sure how much certificate expiration is worth if you don't have a trusted clock."

The comments thread is already infested with Microsoft staff and other Microsofters (covering up their own misdeeds), but the general consensus is, there's no simple workaround or fix. Worse yet, trying to fix this may instead break the system entirely.

One person wrote: "So hardware with vendors who went out of business before now, or with incompetent vendors, will need to disable SecureBoot permanently."

Related: "The UEFI Restricted Boot 'Time Bomb' is About to Go Off in a Few Weeks"

Other Recent Tux Machines' Posts

Linux 6.17-rc4
by Linus Torvalds
A Decade of Kubernetes and v1.34 Release
coverage has begun
6 Open-Source Apps for Linux Gamers
Gaming on Linux might not be quite equal to gaming on Windows yet, but with a few small free, open-source programs
Wine 10.14
The Wine development release 10.14 is now available
Disable "SecureBoot" Now [original]
A "9/11" Coming
Long-Term Thinking and Long-Term Vision [original]
Next spring/summer we'll turn 22 (this site)
New GIMP 3.2 Development Release Brings Link Layers and Vector Layers
The GIMP project released today GIMP 3.1.4 as a new development release of GIMP 3.2, the next major version of this open-source, free, and cross-platform image editing software.
Microsoft is Sabotaging Its Own Products [original]
Microsoft is running out of money to pay workers
5 Days [original]
5 days have passed since I put in my complaint in support of the local birds
Linux, Distributions and Operating Systems
today's leftovers
Canonical and Microsoft Pay 'Linux' Foundation Money for Marketing SPAM and Fake (Paid-for) Articles, Videos
as usual
Mostly Positive News About GNU/Linux These Days [original]
What matters is not the quantity but the substance
 
OpenSSL 3.6 Promises LMS Signature Verification Support, Alpha Out Now
OpenSSL 3.6 is now in public testing with a first alpha release, promising new features and improvements for this open-source, cross-platform, and free software library that provides secure communications over computer networks for applications and websites.
Ubuntu 25.10: Release Date and New Features in Questing Quokka
Take a look at the new features and changes you'll see in the upcoming Ubuntu 25.10 release
Surfer – simple static file server
This is free and open source software
Graphics/Games: ZOTAC Zone Pro, LEGO The Lord of the Rings, and More
Games and more
Today in Techrights
Some of the latest articles
Open Source Pogocache Pushes Beyond Redis and Memcache
Pogocache, a new open-source cache server written in C
Free and Open Source Software
This is free and open source software
First Arch Linux ISO Powered by Linux Kernel 6.16 Is Now Available for Download
This is your friendly reminder that there’s a new ISO snapshot available for the Arch Linux distribution, for September 2025, which is powered by the latest and greatest Linux 6.16 kernel series.
Linux gaming OS Kazeta promises ‘console gaming experience of the 1990s’ for PC users — supports almost any DRM-free game, past or present
With the Kazeta OS you just ‘insert cart, power on, play.’
8 More Free Linux Games Based on Classics
When you're running Linux, you never have to be bored
Linux is actually the better OS for gaming—I’m never going back to Windows
I finally gave Linux a shot. Now, I am never going back
Minisforum AI X1 Pro running Linux: Introduction to the Series
In this series, I examine every aspect of this Mini PC in detail from a Linux perspective
Policorp Linux – Brazilian Linux distribution
Policorp Linux is a Brazilian Linux distribution
Android Leftovers
Honor's Android 16 beta plans leak with approximate release date
KDE’s Virtual Machine Manager Moves Forward
Karton’s August 2025 progress report shows KDE’s
Build Your Dream Linux Laptop : Framework 13 Laptop Review
What if your next laptop wasn’t just a tool, but a reflection of your values and technical prowess
DXVK 2.7.1 Fixes MSAA, Boosts D3D9 Game Performance
DXVK 2.7.1 addresses MSAA issues, enhances D3D9 game performance
Free and Open Source Software
This is free and open source software
GNU/Linux and BSD Leftovers
mostly GNU/Linux
Free, Libre, and Open Source Software and Web Browsers
FOSS and Web leftovers
Improving Wayland Window Activation for Kate & Konsole, Working on Range Markers in Kdenlive
KDE updates
Content Management Systems (CMS) / Static Site Generators (SSG) News/Views
3 new posts
Programming Leftovers
Development related leftovers
Open Hardware and Retro: Banana Pi, PCBs, and More
hardware picks
today's howtos
many howtos for today
Wireshark 4.4.9 Protocol Analyzer Released with Updated Protocols and Bug Fixes
Wireshark 4.4.9 has been released today as the ninth maintenance update to the latest Wireshark 4.4 stable series of this popular, open-source, free, and cross-platform network protocol analyzer software for Linux.
Unix and FreeBSD Leftovers
3 more links
Announcement of LibreOffice 25.8.1
LibreOffice 25.8.1, the first minor release of the free, volunteer-supported office suite for personal productivity in office environments
Kanidm – simple and secure identity management
This is free and open source software
Review: Tribblix 0m37
It's not a Linux distribution or even a member of the BSD family
Recent or Latest From XDA, HowTo Geek, and PCLOS Magazine
misc. articles
Desktop Environments: Latest on KDE and GNOME (or From Them)
some DE news
Games: Gamescom, GNU/Linux Gaming, and Ownership Issues
4 stories
PCLinuxOS Retrospective, Screenshots, and More
How to increase your disk space with one (or more) extra disk(s) in Linux?
HowTos in PCLinuxOS Magazine
3 new ones
The Online Safety Act
by Agent Smith (Alessandro Ebersol)
Today in Techrights
Some of the latest articles
9to5Linux Weekly Roundup: August 31st, 2025
The 255th installment of the 9to5Linux Weekly Roundup is here for the week ending on August 31st, 2025.
AerynOS 2025.08 Released with GNOME 48.4 and Mesa 25.2, KDE Plasma Support
AerynOS 2025.08 was released today, five months after the release of AerynOS 2025.03, as the latest ISO snapshot of this independent GNU/Linux distribution created by ex-Solus maker Ikey Doherty.
IceWM 3.9 Window Manager Released with Xcursor Support
IceWM 3.9 window manager for X Window System introduces Xcursor support
Incus 6.16 Container & Virtual Machine Manager Released
Incus 6.16 adds TrueNAS storage driver, tmpfs disks for containers
Linux Lite 7.6 Released with New Community Wiki and Updated Apps
Ubuntu-based Linux Lite 7.6 is out with a new community Wiki
Can Arch Linux Be Your Main PC OS? It's Mine and Here's How
Do you want to try Arch Linux but hear it’s not stable enough for daily use
Best Free and Open Source Software
This is free and open source software
FUSS – Debian-based Linux distribution
FUSS is an open source operating system based on the Debian Linux distribution
Technical Articles About Using the GNU/Linux Terminal Instead of GUIs
3 recent pieces
Programming With R and pgFormatter v5.7 Released
programming leftovers
Web Browsers: Vivaldi Bans Ponzi Scheme and Buzzwords, Mozilla Does Not
contrast
Debian and Security Leftovers
mostly Debian
Why Use Static Site Generators (SSG) and WordCamp US 2025 Coverage
Content Management Systems (CMS) / Static Site Generators (SSG) news
GNU/Linux Devices or Modding-Friendly Hardware
hardware leftovers
After switching to Linux, I finally stopped believing the myth that intimidated me
I suspect that's the case for a lot of Windows users
GSoC (Google Summer of Code) Reports From NetBSD and KDE
3 new reports
Games: Gaming on the Framework Desktop, Top 25 Games Of All Time, and More
Games-related updates
Fedora and CentOS Updates
4 new updates
KDE Reports and KDE Development
3 new stories
Applications: LHB GNU/Linux Digest, NetPeek, Bitwig Studio 6 Beta, and More
software news
today's howtos
many howtos for Sunday
GNOME Loses Head Again, This Week in GNOME
GNOME news
Release notes for the Genode OS Framework 25.08
Section Linux-based device drivers updated to kernel version 6.12
PuppEX Trixie64 (Puppy Linux) - compatible with Debian 13 - with LXQt 2.1 as DE :: Build 250829
My new Puppy Linux derivative is built using the Trixie Build Script (mklive-trixie)
Stable kernels: Linux 6.16.4, Linux 6.12.44, Linux 6.6.103, Linux 6.1.149, Linux 5.15.190, Linux 5.10.241 and Linux 5.4.297
I'm announcing the release of the 6.16.4 kernel
Android Leftovers
Pixel 10 Pro XL vs. Galaxy S25 Ultra: Android Camera Battle
4 Reasons I Keep Linux In a Docker Container Instead of Dual-Booting
Most people who want to use Linux alongside Windows or macOS go straight for the classic solution
Best Free and Open Source Software
This is free and open source software
So short, and thanks for all the flinch
I will be stepping down from the Executive Director role this week
today's howtos
8 howtos
Programming Leftovers
Development related links
Today in Techrights
Some of the latest articles