It's dead, Jim – the old Microsoft UEFI CA from 2011 expired yesterday
13 hours ago
- #Debian
- #Secure Boot
- #UEFI
- The old Microsoft UEFI CA from 2011 expired, ending its use for signing option ROMs and other software.
- Debian and other distributions successfully secured new shim binaries dual-signed with old and new CAs, thanks to the shim-review team and Microsoft's quick signing efforts.
- Debian plans to roll out dual-signed shim binaries in upcoming point releases and unstable/testing versions, with users urged to update systems to avoid boot failures.