Greetings, for a few years now I have owned a Chinese-made Huananzhi X99-QD4 motherboard, and only recently I read a news article about the expiring Secure Boot certificates (I have only a basic understanding of what Secure Boot is and how it works). What I understood after googling the subject is that the key exchange key is “baked” into the motherboard's firmware and is updated with the firmware update provided by the MB manufacturer.
In my case, a firmware update from the manufacturer is highly unlikely to happen, and this means I will lose the ability to use Secure Boot on this hardware after some time.
My question is: how big of a security impact would this have on my Fedora PC?
My environment is mainly a home network with 5 PCs/notebooks, 5 more mobile devices using Wi-Fi access, 2 Proxmox boxes (serving Nextcloud, Home Assistant, Tailscale, Jellyfin and an SMB server) and multiple IoT devices. I use a mini PC with OPNsense as my firewall, and in the future I plan to buy a managed switch to split up my network, putting all IoT devices in a separate VLAN for starters.
I actually dual boot Windows, but I am considering uninstalling it, and the fun fact is that I had these thoughts before I read the Secure Boot news. I have used PCs since 2003 and I’ve been using Linux as my main OS since 2009. The last major use for Windows was gaming; now the majority of games I play run under Linux with no problem, and any other use of Windows could be satisfied by a VM.
You also have to consider the users of connected devices — kids need training and supervision. Secure Boot protects against attempts to boot untrusted software. If only trusted adults are booting systems, then Secure Boot doesn’t add value to make it worth the effort it requires.