On Wed, Jul 9, 2025, at 4:42 PM, Chris Murphy wrote:
> I have a Lenovo Thinkpad, just a few years old I suppose. It has
> received firmware updates as recently as end of last year and it has
>
> [ 1.072253] integrity: Loaded X.509 cert 'Microsoft Corporation UEFI
> CA 2011: 13adbf4309bd82709c8cd54f316ed522988a1bd4'
mokutil reports more details:
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation Third Party Marketplace Root
Validity
Not Before: Jun 27 21:22:45 2011 GMT
Not After : Jun 27 21:32:45 2026 GMT
Subject: C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Corporation UEFI CA 2011
I'm confused why I'm able to boot. Seems like shim should fail verification if the public key is expired.
*shrug*
--
Chris Murphy
--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
