I covered a fascinating post by Alexander Moch at ERNW about a boot-level Linux vulnerability that lets attackers inject code from the initramfs debug shell. Even with Secure Boot and encryption, a few key presses can drop you to a shell and allow persistent malware to be added.

Luckily, the fix is simple and involves kernel parameters. I break it down here:

https://nerds.xyz/2025/07/linux-initramfs-security-flaw-secure-boot-bypass/

Curious what others are doing to harden this layer.