Hello all, As you guys know Secure Boot is supported by Fedora Linux and it relies on the Microsoft signing keys. Well, recently I was looking at this month's Windows 11 cumulative update and noticed this warning:
Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. This might affect the ability of certain personal and business devices to boot securely if not updated in time. To avoid disruption, we recommend reviewing the guidance and taking action to update certificates in advance. For details and preparation steps, see Windows Secure Boot certificate expiration and CA updates. Which links to https://support.microsoft.com/en-us/topic/windows-secure-boot-certificate-expiration-and-ca-updates-7ff40d33-95dc-4c3c-8725-a9b95457578e My question is if we as Fedora users should worry.... I guess that users with devices that actively receive BIOS updates should receive a update with the new certificates included, but it's unknown what will happen for devices that are basically out of support. I believe that fwupd should be able to update that certificate, but at least on my system the Microsoft certificate isn't shown on it (I believe on a UEFI Secure Boot VM it's shown) Should we worry about this? For instance, my device, a Dell laptop, for which fwupd recognizes: the firmware (which I update via a built in Bios flash utility), the dbx (updated via fwupd) and a mysterious "Dell Platform Key", which might be Microsoft's certificate along with some other Dell stuff. Is Linux ready for the Microsoft certificate expiring next year? Thanks for your time, Mateus Rodrigues Costa -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
