Microsoft’s legacy Secure Boot signing certificate is nearing expiration, initiating an important transition that impacts the wider Linux ecosystem.
The Microsoft UEFI Certificate Authority from 2011, widely used in the Secure Boot chain on standard PCs, will expire this June, and Linux distributions must move their shim signing path to the newer 2023 CA.
This is significant for the Linux ecosystem, as many distros depend on a Microsoft-signed bootloader (called shim) to start Linux on Secure Boot-enabled machines – a firmware feature that ensures only trusted software runs during startup.
This kind of thing only makes me hate MS even more.