Linux Secure Boot Facing Key Expiration: A Race Against Time
2025-07-19
Linux Secure Boot systems rely on a Microsoft key that is set to expire in September. This key signs the shim, the first-stage UEFI bootloader used to boot the Linux kernel. While a replacement key has been available since 2023, many systems may lack it, potentially requiring firmware updates from hardware vendors. This creates extra work for Linux distributions and users. Updating firmware via LVFS and fwupd might be necessary, but it isn't guaranteed to succeed; older BIOS systems may face space constraints, even requiring a BIOS reset. Vendor updates may also be problematic, as some manufacturers have lost access to their platform keys. Ultimately, disabling Secure Boot might be the only option in some cases.
(lwn.net)
Development