Linux and Secure Boot certificate expiration
10 months ago
- #Linux
- #Secure Boot
- #UEFI
- Microsoft's Secure Boot key for Linux shim bootloader expires in September, requiring updates for many systems.
- New Microsoft 2023 UEFI key may not be installed on many systems, potentially requiring firmware updates from vendors.
- LVFS and fwupd tools are being enhanced to handle necessary updates, but some systems may still face issues.
- Certificate expiration could prevent new Linux installations on Secure Boot systems unless updates are applied.
- Older BIOS versions may struggle with EFI variable space, complicating key updates.
- Some vendors have lost access to their platform keys, adding complexity to the update process.
- Secure Boot's reliance on vendor-controlled keys creates ongoing challenges for Linux support.
- Disabling Secure Boot may be the only solution for systems without vendor updates.