“Whether a proof of concept or not, Bootkitty marks an interesting move forward in the UEFI threat landscape, breaking the belief about modern UEFI bootkits being Windows-exclusive threats,” ESET researchers wrote. “Even though the current version from VirusTotal does not, at the moment, represent a real threat to the majority of Linux systems, it emphasizes the necessity of being prepared for potential future threats.”
Don’t know, been rolling with Gentoo for some time now.
I wouldn’t trust “out of the box” support anyway as that would imply trusting microsoft keys.
It is so annoying that one can’t ditch m$ keys and still boot windows. Sure you can sign the windows bootloader with your own keys. However it checks its own signature and just refuses to boot.
If anyone has a solution let me know.
I checked my store and there are Canonical keys there, but I don’t think that’s on every computer.