Microsoft security update that blocks Black Lotus (and, incidentally, also blocks a *lot* of existing Windows boot media and recovery images - you do want to be careful in applying this, but I'm still kind of amazed this ended up being politically viable!) https://support.microsoft.com/en-us/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d
KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932 - Microsoft Support

@mjg59 I'm still not sure when to push the LVFS updates. We do check all the stuff in the ESP to make sure that nothing's going to get bricked, but that doesn't count recovery images...

@hughsie Honestly I think lining up with the Microsoft schedule of 2024 makes sense, but doing something to enable manual updates for people who have this sort of thing as part of their threat model.

@mjg59 @hughsie

Right, but what happens if there are new revocations appended before 2024?

The list would need to be manually managed and not the one as-is from uefi.org?

@Foxboron @mjg59 I honestly can't see MS customers waiting that long.