news
UEFI 'Secure Boot' is Not Security, Another Farce Demonstrated This Week
-
Hot Hardware ☛ Forgotten Microsoft-Signed Bootloaders Let Hackers Bypass Secure Boot For 11 Years [Ed: UEFI 'Secure Boot' Still Not Secure in 2026, New Holes (or Bypasses) Still Being Found]
As it turns out, the batch of expiring Secure Boot certificates isn't the only Secure Boot-related concern that Microsoft and the public need to worry about this year. ESET Researchers have uncovered 11 vulnerable UEFI shim bootloaders signed and forgotten by Microsoft for a decade. The nature of these shims allows them to be flashed on any PC with Microsoft's third-party UEFI certificate installed, which then opens the PC to rootkits and other forms of hard-to-remove malware.
-
LWN ☛ Many old shim versions are still accepted by secure boot
The CMU CERT Coordination Center has put out an advisory that many
exploitable versions of the shim binary, used to boot Linux on systems with
UEFI secure boot enabled, were never added to the revocation list.