82
Linux and Secure Boot certificate expiration (lwn.net)
submitted 2 days ago by cm0002@programming.dev to c/linux@programming.dev
25 comments fedilink hide all child comments

Linux users who have Secure Boot enabled on their systems knowingly or unknowingly rely on a key from Microsoft that is set to expire in September. After that point, Microsoft will no longer use that key to sign the shim first-stage UEFI bootloader that is used by Linux distributions to boot the kernel with Secure Boot. But the replacement key, which has been available since 2023, may not be installed on many systems; worse yet, it may require the hardware vendor to issue an update for the system firmware, which may or may not happen. It seems that the vast majority of systems will not be lost in the shuffle, but it may require extra work from distributors and users.

you are viewing a single comment's thread
view the rest of the comments
[-] victorz@lemmy.world 2 points 2 days ago

What would you recommend as a schedule for "regularly"?

[-] 9tr6gyp3@lemmy.world -2 points 2 days ago* (last edited 2 days ago)

IMO, keep an rss feed of your vendors firmware updates being released on their website or periodically check it yourself. As soon as its released, go ahead and install it. If you want to be cautious, maybe give it a week or two to make sure they dont pull the update due to issues with that particular release.

Even better, if the manufacturer offers a utility to keep updates installed, just run that periodically.

[-] victorz@lemmy.world 3 points 2 days ago

I haven't discovered any manufacturer's RSS feed. Is that a common thing?

[-] 9tr6gyp3@lemmy.world 1 points 2 days ago

No idea. You can use something like jackett to generate an RSS feed for you if they dont have one.

Maybe they have a newsletter for updates, or a registration card, social media account, or maybe a security team that announces security updates.

All im suggesting is look into how your manufacturer announces these updates and actively listen to that communication.

[-] victorz@lemmy.world 1 points 2 days ago

Gotcha. ๐Ÿ‘

this post was submitted on 20 Jul 2025
82 points (100.0% liked)

Linux

8531 readers
545 users here now

A community for everything relating to the GNU/Linux operating system (except the memes!)

Also, check out:

Original icon base courtesy of lewing@isc.tamu.edu and The GIMP

founded 2 years ago
MODERATORS
Ategon@programming.dev
anzo@programming.dev
dwraf_of_ignorance@programming.dev