>-----Original Message-----
>From: PLUG <[email protected]> On Behalf Of Loren M. Lang
>Sent: Monday, May 4, 2026 2:45 AM
>To: Portland Linux/Unix Group <[email protected]>
>Cc: [email protected]; [email protected]; 'Off-topic and
>potentially flammable discussion' <[email protected]>
>Subject: Re: [PLUG] [PLUG-ANNOUNCE] Speaker for May General Meeting?
>Generally, the install doesn't add new root keys, although firmware/BIOS
>updates can update the keys in the UEFI firmware variables. These are
>generally signed by >the PK that the BIOS vendor embeds in the firmware to
>begin with.
That is the part I missed.
One of my machines at work is a Microsoft Surface Studio. MS distributes BIOS
updates directly for this via windows updates. I just went through
reinstalling windows on it (since it's CPU is a generation 6 core i7, thus not
"orficially supported for windows 11, you must reinstall every time they
release a new build)
The Secure Boot key in the BIOS was NOT updated. ¯\_(ツ)_/¯
I guess MS's policy is "if it's not gen 8 or better then FU even if we
manufactured it and you are running our crappy software on it"
Sigh.
Ted
