Subj : Garrett: Secure boot certificate rollover is real but probably won't hu
To   : All
From : LWN.net
Date : Sat Aug 02 2025 06:40:08

Matthew Garrett has posted a detailed followup to
our recent article on the coming
expiration of Microsoft's Secure Boot signing key.

The upshot is that nobody actually enforces these expiry dates - here's
	the reference code that disables it. In a year's time we'll
	have gone past the expiration date for 'Microsoft Windows UEFI
	Driver Publisher' and everything will still be working, and a few
	months later 'Microsoft Windows Production PCA 2011' will also
	expire and systems will keep booting Windows despite being signed
	with a now-expired certificate. This isn't a Y2K scenario where
	everything keeps working because people have done a huge amount of
	work - it's a situation where everything keeps working even if
	nobody does any work.

https://lwn.net/Articles/1032090/
--- SBBSecho 3.29-Linux
 * Origin: Palantir * palantirbbs.ddns.net * Pensacola, FL * (86:200/23)

.