83
Linux and Secure Boot certificate expiration (lwn.net)
submitted 1 week ago by cm0002@programming.dev to c/linux@programming.dev
25 comments fedilink hide all child comments

Linux users who have Secure Boot enabled on their systems knowingly or unknowingly rely on a key from Microsoft that is set to expire in September. After that point, Microsoft will no longer use that key to sign the shim first-stage UEFI bootloader that is used by Linux distributions to boot the kernel with Secure Boot. But the replacement key, which has been available since 2023, may not be installed on many systems; worse yet, it may require the hardware vendor to issue an update for the system firmware, which may or may not happen. It seems that the vast majority of systems will not be lost in the shuffle, but it may require extra work from distributors and users.

you are viewing a single comment's thread
view the rest of the comments
[-] Ooops@feddit.org 12 points 1 week ago* (last edited 1 week ago)

Linux users who have Secure Boot enabled on their systems [...]

No.

Some Linux users lazily using shim-based Secure Boot implementations provided out of the box by some distros. Mostly exactly because that's a setup that came with their install where they don't have to do anything and they also don't actually care.

Everyone actually caring for Secure Boot has the option to setup and use their own proper keys easily.

The real problem is (and has been for a long time) the amount of absolute trash level UEFI implementations still in use nthat are basically non-functional once you try to use any Secure Boot funtionality beyond just using the pre-installed MS keys.

this post was submitted on 20 Jul 2025
83 points (100.0% liked)

Linux

8623 readers
546 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev