If you dual-boot or run a Linux distribution with Secure Boot enabled, you may have heard about a major security deadline. The original Microsoft 2011 UEFI Third-Party Certificate Authority (CA) keys, which most Linux distributions rely on to sign their initial bootloaders (shim) on consumer PC hardware, expired at the end of June 2026 The expiration of a certificate doesn't invalidate already-installed, signed binaries on your system; firmware doesn't check expiration dates at boot time. However, moving forward, future Linux bootloader updates and security patches will be signed exclusively using the new Windows UEFI CA 2023 key . If your motherboard's firmware database isn't updated to trust this new 2023 key, your Linux system may eventually experience package management blocks or fail to apply critical bootloader updates. Before running updates, check if Secure Boot is active and see if your system already recognizes the 2023 certificate hierarchy. Open your termi...
- Get link
- X
- Other Apps