• Your GNU/Linux PCs with UEFI "Secure" Boot would no longer boot past 2025-09-11

    From xwindows@xwindows@tilde.club to tilde.meta on Thu Sep 4 18:39:46 2025
    Hello everyone,

    The memorial date of the 9/11 terrorist attack on the World Trade Center
    is coming near; but did you know that there is another new
    digital terrorist attack impending on this same date this year?

    It's Microsoft's 9/11 attack on libre software.

    I suspect that many people who installed a libre operating system
    (especially GNU/Linux) on PCs and laptops manufactured since the 2010s
    did not take the necessary step of turning off a Microsoft-introduced [0]
    on-by-default antifeature [1] that is misleadingly called "Secure Boot" [2]
    in their machine's UEFI firmware settings.

    But when such users installed mainstream (read: corporate)
    GNU/Linux distributions on such setups, those seemed to install
    and boot alright; because companies behind these distributions
    bowed down and paid Microsoft monies to get their bootloader-shim signed,
    so it could be installed and run; with users blissfully unaware [3]
    of the phantom menace underlying this seemingly-smooth experience.

    And now this menace is rearing its head: the certificate chain
    which these shims rely on is about to expire on... 11-Sep-2025,
    i.e. next Thursday a.k.a. the 9/11:

    https://lwn.net/Articles/1029767/

    ^ Be aware of the Microsoft employee in the thread trying to fudge the issue;
    especially in the first comment. [4]

    If your libre OS fails to boot on your machine past 11-Sep-2025;
    you know what the culprit is.

    The only real solution is disabling "Secure" Boot in your UEFI setup screen;
    the instructions on how to do so vary mainboard-to-mainboard,
    so be sure to RTFM.

    (On some "bad" computers, it might require invasive action [5];
    or be outright impossible [6] on some consumer laptops)

    ^ And note that if your system survived this without your intervention,
    it also likely meant that your mainboard's implementation of "Secure" Boot
    was broken (i.e. insecure); which basically makes any ounce of
    [faux-]security it promised snake oil anyway.
    (Whether you'd take this as good or bad news is another matter)

    If you don't have a chance to completely reboot the system to check
    in your UEFI setup menu right now; ~jmcs suggested to me you could check
    the status of this antifeature by issuing the `mokutil --sb-state` command [7]
    on a running GNU/Linux system.

    If you would like to read more between the lines of this situation, see:

    http://techrights.org/n/2025/08/26/The_UEFI_9_11_Part_I_Introduction_to_Impending_Catastrophe_Micr.shtml
    http://techrights.org/n/2025/08/28/The_UEFI_9_11_Part_II_Campaign_of_Censorship_and_Defamation_Aga.shtml
    http://techrights.org/n/2025/08/30/The_UEFI_9_11_Part_III_Chaos_is_Scheduled_to_Happen_Second_Thur.shtml
    http://techrights.org/n/2025/09/04/The_UEFI_9_11_Part_VI_This_Serious_Harm_Was_Planned_for_Over_a_.shtml
    http://techrights.org/n/2025/09/02/The_UEFI_9_11_Part_V_This_is_Not_a_Drill_Disable_SecureBoot_Now.shtml
    http://techrights.org/n/2025/09/01/The_UEFI_9_11_Part_IV_External_Interference.shtml

    May your system survive this logic bomb terrorist attack.

    Fingers crossed,
    ~xwindows


    P.S. I myself am not affected, since I have been paying close attention
    to this issue since the early 2010s, and disabled "Secure" Boot
    (as well as disabling UEFI booting altogether) on all UEFI-capable
    machines I own from day one.

    [0] And mandated through their OEM agreement with computer manufacturers
    that wish to ship machines with Microsoft Windows preinstalled.

    [1] Feature (i.e. intentionally-engineered software function)
    which is anti-user.

    [2] Which is a euphemism for bootloader locking; disallowing operating
    systems unapproved (by Microsoft) from booting.
    Basically security for Microsoft's market dominance,
    not user's security.

    [3] Well, might not be completely: there have been incidents in the past
    where big-name distributions distributed bootloaders
    (and sometimes kernel) which were signed incorrectly;
    and users found they could no longer boot after updating their system.

    [4] As pointed out in:
    http://techrights.org/n/2025/07/24/Microsoft_Microsofters_and_Secure_Boot_Shills_Already_Storming_.shtml

    [5] For example, a Lenovo Ideapad laptop requires you to completely shut down
    the system in a very-specific way, then poke a sharp pin into
    a specific (but nondescript) hole on one side of the machine,
    then press the power button; to be able to access a menu which
    allows you to disable this antifeature. Yes, I have met these things
    in real life, unfortunately. (Thankfully, that wasn't my own laptop)

    [6] If you use consumer-grade laptops from ASUS, beware.

    [7] See <https://man.archlinux.org/man/extra/mokutil/mokutil.1.en>
    if you would like to RTFM about this utility specifically.
    --
    xwindows' gallery of freely-licensed artworks
    https://tilde.club/~xwindows/ http://tilde.club/~xwindows/ gopher://tilde.club/1/~xwindows/
    --- Synchronet 3.20a-Linux NewsLink 1.2
  • From keyboardan@keyboardan@tilde.club to tilde.meta on Thu Sep 4 18:14:23 2025
    Hi xwindows.

    Thank you for informing us with your message. Not a surprising
    behaviour from Capitalism towards Freedom.


    --
    The pioneers of a warless world are the youth that
    refuse military service. ~ Albert Einstein
