- A signature key that many Linux distributions use to support Secure Boot is about to expire
- Systems that do not recognize the new key may not boot Linux securely
- Users may need to disable Secure Boot to install or run Linux
A signing key used to support Secure Boot on many Linux distros is about to expire, which could expose devices to all kinds of cybersecurity risks.
Secure Boot is a security feature built into modern computers. It is part of the Unified Extensible Firmware Interface (UEFI) and ensures that only trusted software can run when the system starts. This helps to block malware such as bootkits, and it relies on digital signatures and keys stored in the computer's firmware.
In short, UEFI checks that the right software is in place and then hands things over to the operating system.
Lock the database
Microsoft has a signing key that many Linux distributions use to support Secure Boot, and this key is set to expire on September 11, 2025.
A replacement key has existed since 2023, but apparently many systems do not support it yet, and for those that do not recognize the new key, this could mean that Linux does not boot securely.
Resolving this problem requires firmware updates from original equipment manufacturers (OEMs), but there is a risk that not all OEMs will issue updates, in particular for older or less popular devices.
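Whether a given machine already trusts the replacement key can be read from the firmware's Secure Boot signature database. The following is an added example, not code from the article: it parses the UEFI `db` variable as Linux exposes it through efivarfs and reports which Microsoft CA certificates are enrolled. The two certificate names and the variable path are assumptions not stated in the article.

```python
import struct
import uuid

# EFI_CERT_X509_GUID from the UEFI specification, in its on-disk (mixed-endian) form.
X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072").bytes_le

# Assumed certificate names (not from the article): subject CNs of Microsoft's
# third-party UEFI CAs, the 2011 one being replaced and its 2023 successor.
OLD_CA = b"Microsoft Corporation UEFI CA 2011"
NEW_CA = b"Microsoft UEFI CA 2023"

# Assumed location of the signature database on a Linux system with efivarfs mounted.
DB_PATH = "/sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f"


def x509_entries(raw, has_attr_prefix=True):
    """Yield DER certificates from a UEFI signature database variable."""
    pos = 4 if has_attr_prefix else 0  # efivarfs prepends 4 attribute bytes
    while pos + 28 <= len(raw):
        sig_type = raw[pos:pos + 16]
        list_size, hdr_size, sig_size = struct.unpack_from("<III", raw, pos + 16)
        if list_size < 28 or pos + list_size > len(raw) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST at offset %d" % pos)
        entry = pos + 28 + hdr_size
        end = pos + list_size
        while entry + sig_size <= end:
            if sig_type == X509_GUID:
                yield raw[entry + 16:entry + sig_size]  # skip the owner GUID
            entry += sig_size
        pos = end


def db_status(raw, has_attr_prefix=True):
    """Report which of the two CA certificates are enrolled in db."""
    certs = list(x509_entries(raw, has_attr_prefix))
    return {
        "old_ca": any(OLD_CA in c for c in certs),
        "new_ca": any(NEW_CA in c for c in certs),
    }


if __name__ == "__main__":
    with open(DB_PATH, "rb") as fh:
        print(db_status(fh.read()))
```

A result with `old_ca` true and `new_ca` false describes a system that has not yet received the replacement key through a firmware or database update.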
There is also a tool called "shim", which some Linux distros use to work with Microsoft's Secure Boot infrastructure. It is signed with the Microsoft key (soon to expire), and if it is not replaced in time, Secure Boot could break on these distros entirely.
Consequently, some users may need to disable Secure Boot to install or run Linux, while others may need to manually update the firmware, or generate their own keys (which is complex and could be risky for those who have no in-depth technical knowledge).
All this could push people to stick with Windows, or to avoid Secure Boot entirely, which opens a whole new can of worms.
Via Tom's Hardware