“Whether a proof of concept or not, Bootkitty marks an interesting move forward in the UEFI threat landscape, breaking the belief about modern UEFI bootkits being Windows-exclusive threats,” ESET researchers wrote. “Even though the current version from VirusTotal does not, at the moment, represent a real threat to the majority of Linux systems, it emphasizes the necessity of being prepared for potential future threats.”

  • Shdwdrgn@mander.xyz
    link
    fedilink
    English
    arrow-up
    36
    ·
    28 days ago

    I associate it with the fight I’ve had every single time I tried to use it. It’s never been a smooth process on any server I attempted to use it on. Usually I either run into problems with a system not wanting to properly boot the memory stick even with a full UEFI image flashed to it, or if I do get that to work I go through the whole installation process only to find the system unbootable for whatever reason. Eventually I just give up and do a standard installation because why should I have to work this hard to put an OS on a machine?

    • charade_you_are@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      15
      ·
      28 days ago

      I actually had a system that wouldn’t initiate the video card because of secure boot and many other problems with over the years that I repaired them for a living. Left a very bad taste in my mouth but if it’s actually improving I’ll it again.

    • Illecors@lemmy.cafe
      link
      fedilink
      English
      arrow-up
      5
      ·
      28 days ago

      It is a system one has to understand fully, i.e. not like ssh, where you can understand connecting to a remote host without bothering about key pairs, x11 forwading, etc.

      I was lucky enough to have figured out Gentoo enough where plugging in secure boot was just extending my own system update script. Admittedly, I don’t know how much other distros fight back.

      • Shdwdrgn@mander.xyz
        link
        fedilink
        English
        arrow-up
        7
        ·
        28 days ago

        I’m on Debian, they’ve been providing UEFI images for a number of years so everything should “just work”. In fact I have one server where things did just work and that’s the only system using UEFI. Two other servers of the same model and BIOS version completely failed after numerous attempts so I finally said screw it and just did a normal install.

        • Illecors@lemmy.cafe
          link
          fedilink
          English
          arrow-up
          2
          ·
          27 days ago

          Do you know how that works? Is it something like Ubuntu where Canonical uses some sort of chain from Microsoft or do you have to embed the cert they provide into UEFI yourself?

          • Shdwdrgn@mander.xyz
            link
            fedilink
            English
            arrow-up
            2
            ·
            27 days ago

            Sorry, I really haven’t a clue. I just know once in awhile it does work, but usually it fails for me.

      • Shdwdrgn@mander.xyz
        link
        fedilink
        English
        arrow-up
        1
        ·
        28 days ago

        Shouldn’t this all be handled automatically by the Debian installer though? It seems weird that I would ever have to run other tools just to install a brand new system.

        • 9tr6gyp3@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          27 days ago

          Oh yeah Debian has their own documentation for SecureBoot. If thats not working though, check out sbctl.