On Tue, Jul 8, 2025, at 8:44 PM, Mateus Rodrigues Costa wrote: > I guess that users with devices that actively receive BIOS updates > should receive a update with the new certificates included, but it's > unknown what will happen for devices that are basically out of > support.
I have a Lenovo Thinkpad, just a few years old I suppose. It has received firmware updates as recently as end of last year and it has [ 1.072253] integrity: Loaded X.509 cert 'Microsoft Corporation UEFI CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4' But the boot scroll doesn't say the expiration date. This system does have UEFI Secure Boot enabled and it booted today. I see a newer firmware update May 12 this year, I'll apply that and see if the certificate changes. -- Chris Murphy -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue