Mate Kukri discovered the Debian build of EDK2, a UEFI firmware
implementation, used an insecure default configuration which could result
in Secure Boot bypass via the UEFI shell.

This updates disables the UEFI shell if Secure Boot is used.

https://security-tracker.debian.org/tracker/DSA-5624-1

Read More