Re: Windows Secure Boot certificate expiration (June 2026)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


On Wed, Jul 9, 2025, at 5:14 PM, Chris Adams wrote:
> Once upon a time, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> said:
>>             Not After : Jun 27 21:32:45 2026 GMT
> <snip>
>> I'm confused why I'm able to boot. Seems like shim should fail verification if the public key is expired.
>
> Are you posting from the future? :)

I'm not supposed to admit that. ;)

OK so after firmware update the system unsurprisingly still boots, because it is apparently still 2025. But none of the certificates have changed. I guess they'll get around to it in the next 11 months?

Meanwhile I've (re)experienced a "feature" of my Lenovo firmware. Whereupon loading BIOS defaults and saving them, there are no more boot entries listed in the firmware boot menu. Not Windows. Not Fedora. Both have bootloaders found on the EFI System partition but apparently this firmware won't list them unless they're also found in efivars?  Upon choosing the nvme raw device (it doesn't list partitions) it boots... Windows.

root@fovo:/boot/efi/EFI/BOOT# sha256sum BOOTX64.EFI 
4773d74d87c2371a25883b59a3b6d98d157de46933676706d215015b1130f2d1  BOOTX64.EFI
root@fovo:/boot/efi/EFI/BOOT# sha256sum ../fedora/shimx64.efi 
4773d74d87c2371a25883b59a3b6d98d157de46933676706d215015b1130f2d1  ../fedora/shimx64.efi

Windows recovery boot menu likewise won't list Fedora, I guess because it's not found in efivars. 

Track down a Fedora install USB stick, and I'm able to fix this with efibootmgr, but... what a swig of sour milk. I'd put this in the soft fail category of how these sorts of updates can go sideways.

-- 
Chris Murphy
-- 
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux