this post was submitted on 15 Jul 2026
144 points (98.0% liked)

Technology

86362 readers
3186 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] victorz@lemmy.world 1 points 12 hours ago (3 children)

IMO, broken ≠ vulnerable. Broken to me means it doesn't work. There's a difference, to me. 🤷‍♂️

[–] dracc@discuss.tchncs.de 35 points 12 hours ago (1 children)

If the "working" definition is "is secure", and there's 11 ways in which it's not, is it not "insecure", aka. "not working" then?

[–] sp3ctr4l@lemmy.dbzer0.com 6 points 10 hours ago (2 children)

Secure boot is supposed to be a lock.

Turns out there are 10 year old tricks that bypass that lock.

A lock that cannot deny access to people without proper key... is a bad lock.

[–] victorz@lemmy.world 1 points 10 hours ago (1 children)

Yes.

Is UEFI shim = secure boot?

[–] sp3ctr4l@lemmy.dbzer0.com 2 points 9 hours ago* (last edited 9 hours ago) (1 children)

No.

Secure Boot is basically a 'lock', on the UEFI.

UEFI - Shim is basically a 'lockpick'.

UEFI is the first step in your computer booting, turning on.

So, if Secure Boot is supposed to be a 'lock', that limits who can access the UEFI ... but it turns out that there are many, old, UEFI - Shims, that defeat that 'lock'... then Secure Boot is not a good 'lock'.

I don't mean to be rude but it seems like there might be a bit of language confusion going on here... In English, a 'shim' is a kind of crude/simple tool that can be used to break or bypass some actual physical locks.

So 'UEFI-Shim' basically means 'a thing that breaks into your UEFI'.

[–] victorz@lemmy.world 1 points 6 hours ago* (last edited 6 hours ago)

I don't think there's a language barrier here. I'm fluent in English, and I know what a shim is, both IRL and in the software world. I've just not run into it in a boot loader context before. And I'm not really knowledgeable when it comes to secure boot, either. Just trying to understand. 🙂

Are you sure that's a good phrasing though, "that breaks into your UEFI"?

A shim is usually something that you use to add or modify functionality by interception, right? Like a middle-ware, almost. So these old shims, are they responsible for functionality that directly has to do with Secure Boot, or something else?

If so, they are broken — i.e. not fulfilling their purpose.

If something else, they are not broken. They are just breaking something else, or making it vulnerable.

Am I making sense? Does it not make sense? Because after all, I don't know much about the details of the subject matter. 😁

[–] imecth@fedia.io 0 points 10 hours ago (1 children)

There's like dozens of ways to open a lock without the proper key, it's probably not the best comparison...

[–] sp3ctr4l@lemmy.dbzer0.com 2 points 9 hours ago

I think that Victor may not have English as his primary/first language, I am trying to use a simple comparison that is more likely to convey the general, fundamental concepts.

[–] A_norny_mousse@piefed.zip 1 points 11 hours ago (1 children)

Forgotten UEFI shims undermining Secure Boot

Better?

[–] victorz@lemmy.world -1 points 10 hours ago

I guess? I dunno. I'm not very good at boot systems.