Got This Message From Software Updates This Morning

See 2 photos below ...... what is Microsoft doing trying to update anything on Zorin ..... and yes I'm dual booting but on separate drives .... I sure hope this isn't going to be a glimpse into the future with M$ trying to take over Linux (or maybe I'm just being a bit paranoid) .... I don't have any Wine ... Flatpak or other type apps installed on my Zorin OS ....

The first message that popped up followed by the next photo

I didn't download anything yet ....

That is a firmware update connected to the Secure Boot function.

You may have Secure Boot disabled, but that is not necessarily related to what packages need updating.

So...
Secure Boot- this is a Windows OS function.
Since Ubuntu and other Linux distributions can dual boot alongside of Windows - this means that these distros must have a means of contending with Secure Boot, which is what MOK in Ubuntu and Ubuntu-derivatives is.

Microsoft signed off (in a cooperative act) on Linux packages, telling Secure Boot to permit and allow Linux Packaging to proceed init in boot.
Even if you have secure boot disabled and nothing MS on your computer at all, Secure Boot and TPM remain, due to hardware manufacturers catering to Windows.
These are safe... just annoying.
And a minor point... While MS signed off on most Linux packages, they did not sign them all... So even with this, some users still experience troubles if they happen to have a startup program installed the MS did not approve of.

1 Like

I was curious as this is the first time I have seen anything like this pop up ..... I haven't changed anything in my BIOS that I am aware of so Secure Boot should still be turned off but I will check next time I start up to make sure it is .....

If they did they probably have a very good reason to do so and every reason is in their favor ..... after finding out that back in the day when M$ allowed you to pick and choose which parts of their updates that you wanted to keep or dis guard they would simply make the ones they wanted to make mandatory a security update in their next update .... thus keeping you from removing them ..... I don't trust M$ period ....

What I gathered from you post above is that they are safe to download but is there a way to keep from having to download them ..... if I just ignore them I'm sure they will just keep popping back up .... maybe I'll just see how long it takes for them to reappear till annoyance over comes paranoia ..... :grinning:

As far as the Wayland updates go I do have Wayland installed but have never tried it due to problems I have read from other users ..... is there an advantage to using Wayland ????? I have heard that NVIDIA is one of the biggest hold outs with their drivers when it comes to Wayland and have no interest at all in getting onboard .....

Secure Boot does not need to be enabled for the updates to be offered for the packages.

I will need to check on this... allow some time.

For you, probably none. Some can benefit from Wayland. Even so, as you have read... it may be best to avoid it.
The Wayland updates are offered, just as many software packages that you do not really use or pay much attention to can receive updates.

1 Like

Take you time no rush .... I'll just keep ignoring it ..... take care of more pressing matters .....

Essentially, firmware does not need to be updated frequently. If it is required, then the firmware deserves to be suspected.

Well, it is a DBX update, which means that the signatures that were allowed in DB have been suspected of being malicious, placing them in DBX.
Really, it is not an update that should be ignored by any users that employ Secure Boot.

I have found how to block it... And I Do Not Recommend doing so. This can affect your EFI boot and Grub.
And it is not worth doing.
The attempt to avoid a perceived threat could actually cause real damage to your bootable system.
I assure you, it is a vetted release and is not Microsoft sneaking anything onto Linux. It is not from Microsoft - it is from Canonical. The signatures are From Microsoft.
And as you have Secure Boot disabled, is ineffectual in any case.

2 Likes

Many thanks Aravisian I will install next time it shows up to be downloaded ..... I would rather error on the side of caution than to "boldly go where no man has gone before" ..... when it comes to computers Captain Kirk I am not ..... :+1: :grinning:

Yes, allowing the update would be the logical thing to do. If it was malicious, it wouldn't have gotten through the ZorinGroups shields.

1 Like