Bypass kernel lockdown/UEFI secure boot on Ubuntu 18.04 with ACPI SSDT injection
The author has published a new lockdown bypass that affects the mainline kernel as well: https://www.openwall.com/lists/oss-security/2020/06/15/3
Requires the ability to edit information in /boot and to reboot, so effectively root access, but it does circumvent secure boot.
What is SSDT? What's exactly going on in this exploit?
So building a signed kernel that doesn’t support the nokaslr would be sufficient to stop this attack.
Never heard of iasl, but it is automatically installed and looks cool.
Does this affect Debian, or Ubuntu only?
Very cool. A very clever exploit.
In every UEFI thread there’s a bunch of critics saying, “See! It doesn’t work! UEFI secure boot is pointless!”
I say that the fact that it takes this much effort to bypass it shows the opposite: that it does work, it does increase security.
Because without it, you’d be compromised already at step zero.
But like every security measure so far, it’s seemingly not perfect. Nobody is honestly surprised by that, are they?