On 26/07/2022 20:05, Chris Murphy wrote:
Summary: Windows 10/11 increasingly enables Bitlocker (full disk encryption) out of the box with the encryption key sealed in the TPM. Two different issues result:
Microsoft has published a new security bulletin on the current state of Secure Boot:
https://docs.microsoft.com/en-us/windows/security/information-protection/secure-the-windows-10-boot-process The most important note:
Secured-core PCs require Secure Boot to be enabled and configured to distrust the Microsoft 3rd Party UEFI CA signature, by default, to provide customers with the most secure configuration of their PCs possible.
TL;DR. The new certified by Microsoft devices will be able to load only Microsoft Windows in the UEFI Secure Boot enabled mode.
"Microsoft <3 Linux", "Microsoft is a friend", "Microsoft has changed", - they said.
-- Sincerely, Vitaly Zaitsev (vitaly@xxxxxxxxxxxxxx) _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
