Garrett: Secure boot certificate rollover is real but probably won't hurt you
Date:
Thu, 31 Jul 2025 17:14:48 +0000
Description:
Matthew Garrett has posted a detailed followup to
our recent article on the coming
expiration if Microsoft's Secure-Boot signing key. The upshot is that nobody actually enforces these expiry dates - here's
the reference code that disables it . In a year's time we'll
have gone past the expiration date for 'Microsoft Windows UEFI
Driver Publisher' and everything will still be working, and a few
months later 'Microsoft Windows Production PCA 2011' will also
expire and systems will keep booting Windows despite being signed
with a now-expired certificate. This isn't a Y2K scenario where
everything keeps working because people have done a huge amount of
work - it's a situation where everything keeps working even if
nobody does any work.
======================================================================
Link to news story:
https://lwn.net/Articles/1032090/
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)