
Re: Debian live boot corrupting secure boot



On 03/10/2023 04:01, Jeffrey Walton wrote:

Does it mean that you cannot boot your *old* Clonezilla live after booting the latest Clonezilla? If so, it is better to discuss the issue with shim or grub developers.

Yes. If I load a Clonezilla live newer than 3.1.0-11, then I can no longer
boot 2.8.1-12.

I would probably bet if you booted to Windows, the OS would check the
Forbidden Signature/Secure Boot DBX and (re)apply KB5012170 [0] as
required.

No, it hasn't happened. If you read the entire discussion, it hasn't happened with either Windows 10 or Windows 11. The only action that breaks secure boot of Clonezilla 2.8.1-12 is reaching the page of Grub entries in recent Clonezilla and Debian live.

So you are probably going to have to deal with this sooner rather than
later. Both OSes are going to try to update the database with
signatures of the bad grub programs. Or I would not bet against it.

Jeff

[0] https://support.microsoft.com/en-gb/topic/kb5012170-security-update-for-secure-boot-dbx-72ff5eed-25b4-47c7-be28-c42bd211bb15

Yes, no one can tell... but this update is more than six months old.
So far it seems that Linux has a larger revocation database.

And, even if Windows would adopt this larger database, I keep on considering it bad in a live environment. Be it Live Windows or Live Linux.

