I have completely forgotten about the SecureBoot key expiration that is coming on Wednesday. I don’t have SecureBoot enabled on any of my devices, but I wonder if it could cause issues down the line if I don’t ensure that the keys have been updated?
It could if you/future owner ever need to re-enable it:
The trouble is not your present boot; it’s your future boot. If your older PC’s firmware never gets the 2023 keys, and the rest of the world starts assuming those keys exist, you can end up stuck in a weird limbo. While your existing Linux install will still boot, a new or updated distro won’t.
Testing now will help diagnose future problems.
https://www.zdnet.com/article/aspirin-for-linuxs-microsofts-secure-boot-headache/
Huh? Haven’t heard about that. I am using Bazzite and IIRC they are supplying their own key for signing? Might be wrong tho.
Nah, but there should be a BIOS/UEFI firmware update available and those are always nice to keep up with.
If Secure Boot is the security guard at the entrance then updating the BIOS/UEFI gives him the latest rulebook and will make the process simpler if you decide you want Secure Boot in the future.
The update can also have other fixes that you want.
I’m not sure all devices are getting a BIOS update for this. Didn’t Dell confirm this some time ago? If I’m understanding things correctly, Microsoft is forcing you to: 1) get the update by installing win11 legit with no bypasses 2) get the BIOS update from your hardware manufacturer 3) essentially turn off secure boot.
I think there are plenty of fully functional PCs out there, capable of running win11, but not supported because of something like tpm2.0, whose bios won’t be updated by the manufacturer, and therefore have no path to receive this update. Which means the pc will probably eventually be forced to run without secure boot.
Which I think means if you’re a Windows-only user - forced obsolescence - buy a new PC. If you’re a Linux user - you’re fine.
I think? I could be completely wrong here - but that’s my understanding of it all.
Microsoft confirmed your computer will boot just fine, it’s just that secure boot is effectively off.
It’s no different from like 80% of Linux distros that don’t support secure boot at all. Except for those you have to actually manually disable secure boot to boot.
I believe Fwupd can also update your Secure Boot certificates.
If you resell your computer down the line and the new owner enables Secure Boot, they won’t be able to install anything once the certificate has expired and OSes are only signed with the new one.
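For the question the thread keeps returning to, whether a machine's firmware already holds the 2023 certificates, here is an added example (not written by any poster) that parses the Secure Boot `db` variable on Linux and reports which of them are enrolled. It assumes the efivarfs path shown and the certificate names `Windows UEFI CA 2023` and `Microsoft UEFI CA 2023`, which the thread does not spell out; name matching is a byte-substring heuristic on the DER, and the sample data is constructed.

```python
import struct
import uuid
from pathlib import Path

# EFI_CERT_X509_GUID from the UEFI specification: marks a list of DER certificates
X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
# Assumption: subject names of the 2023 db certificates (not given in the thread)
CA_2023_NAMES = (b"Windows UEFI CA 2023", b"Microsoft UEFI CA 2023")
# Linux efivarfs file for the Secure Boot allow-list ("db") variable
DB_PATH = Path("/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f")

def x509_entries(siglists: bytes):
    """Yield each DER certificate stored in a chain of EFI_SIGNATURE_LISTs."""
    off = 0
    while off + 28 <= len(siglists):
        type_guid = uuid.UUID(bytes_le=siglists[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", siglists, off + 16)
        if list_size < 28 or off + list_size > len(siglists):
            raise ValueError("truncated or corrupt EFI_SIGNATURE_LIST")
        pos, end = off + 28 + hdr_size, off + list_size
        while type_guid == X509_GUID and sig_size > 16 and pos + sig_size <= end:
            yield siglists[pos + 16:pos + sig_size]  # skip the 16-byte SignatureOwner
            pos += sig_size
        off = end

def names_present(siglists: bytes, names=CA_2023_NAMES):
    """Map each expected name to True if some enrolled certificate contains it."""
    certs = list(x509_entries(siglists))
    return {n.decode(): any(n in c for c in certs) for n in names}

def read_db(path=DB_PATH) -> bytes:
    """Return the db payload; efivarfs prefixes 4 bytes of variable attributes."""
    return path.read_bytes()[4:]

def _fake_list(cn: bytes) -> bytes:
    """Constructed sample: an X.509-typed list whose 'certificate' is only the name."""
    sig = bytes(16) + b"\x30\x82" + cn
    return X509_GUID.bytes_le + struct.pack("<III", 28 + len(sig), 0, len(sig)) + sig

if __name__ == "__main__":
    data = read_db() if DB_PATH.exists() else _fake_list(b"Microsoft Corporation UEFI CA 2011")
    for name, found in names_present(data).items():
        print(f"{name}: {'enrolled' if found else 'missing from db'}")
```

The check only reads the variable, so it works with Secure Boot disabled, which is the situation described in the original post.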


