Tails 7.7: Warning about expired Secure Boot certificates

The anonymizing Linux distribution Tails has been released in version 7.7. It can now warn about outdated Secure Boot certificates from Microsoft, for example.

In the release announcement, the Tails developers write that Microsoft is replacing the old Secure Boot certificates, which expire in June 2026, and Tails will display a dialog if the computer uses outdated Secure Boot certificates and requires an update. In a dedicated issue report, they explain that Tails might no longer start after a future update due to this. It is unclear when this will happen, as the timing depends on when Tails adopts changes from Debian. However, computers might then display a "Secure Boot Violation" error. As a solution, they suggest starting Windows and installing the Secure Boot certificates there via Windows Update. On Linux, the fwupd daemon helps; Linux distributions using the Gnome desktop apply the update automatically through Gnome Software. Additionally, there is the option to disable Secure Boot in the BIOS.

Tails: Version Maintenance

Furthermore, the developers have updated the Tor Browser to version 15.0.10. This is based on Firefox 140.10.0esr and therefore includes several security fixes; additionally, OpenSSL in this package is more up-to-date. Thunderbird is included in version 140.9.1 – from version 7.8 of Tails, this is no longer standard, and the Thunderbird installation package will move to persistent storage, allowing the current version to be installed at Tails startup. The developers have also corrected a permission error: the /root folder is now only readable by the root user.

As always, the updated images are available for transfer to USB sticks as well as ISO images for burning to DVDs or use in a VM.

A week ago, the project released Tails 7.6.2 as an emergency update. It closed a security vulnerability in Flatpak that allowed attackers to break out of the Tor Browser's security environment.

(dmk)