On Tue, Jul 8, 2025, at 8:44 PM, Mateus Rodrigues Costa wrote:
> I guess that users with devices that actively receive BIOS updates
> should receive a update with the new certificates included, but it's
> unknown what will happen for devices that are basically out of
> support.

I have a Lenovo Thinkpad, just a few years old I suppose. It has received 
firmware updates as recently as end of last year and it has 

[    1.072253] integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 
2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'

But the boot scroll doesn't say the expiration date. This system does have UEFI 
Secure Boot enabled and it booted today.

I see a newer firmware update May 12 this year, I'll apply that and see if the 
certificate changes.


-- 
Chris Murphy
-- 
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to