CVE-2023-24932

I have a distinct memory of him talking about something related, but I don't think he has discussed this specific vulnerability, at least I find no evidence of that specific CVE. I know he has mentioned other secure boot issues, and UEFI driver compromises in the last couple of years.
 
I haven't talked about that one, Mervyn. I don't have any strong reasoning for not having mentioned it, though I don't recall exactly when I saw it and what other news it may have been competing with. And also, it may have been my own bias, since I've never really bought into the whole secure boot concept. It has always felt like Microsoft spending a huge amount of effort on something that's not really a large problem (compared to so many of their other problems that are) and that it cannot really be fixed -- as we continually see bypasses and ways around it and mistakes being made there. It's certainly not "one and done."
 
I've never really bought into the whole secure boot concept
Perhaps you could share all your concerns about secure boot in an episode when there is a quiet news week? I am sure listeners would be interested. I don't think Microsoft is going to resolve it until the first half of this year. As I understand it, the "workaround" they have at the moment is to add a registry key manually. This will make all backups unusable, and any recovery boot media you have also unusable. Even a reformat & reinstall of the OS will not work after this "fix"! (KB5025885)
 