←back to thread

Linux and Secure Boot certificate expiration

(lwn.net)
253 points pabs3 | 2 comments | 18 Jul 25 03:53 UTC | HN request time: 0.54s | source
1. upofadown ◴[18 Jul 25 16:05 UTC] No.44606326[source]
>Currently, shim is signed with a Microsoft key from 2011 that expires on September 11.

What security benefit did adding an expiry date to the certificate provide? "Oh no! Someone has gotten our secret key and is certifying new shims! ... Not to worry, the certificate will expire in 14 years. Everything is fine!"

Does anyone know the rationale for such expiry?

replies(1): >>44607053 #
2. Avamander ◴[18 Jul 25 16:56 UTC] No.44607053[source]
Knowing that any quicker rollover would've hindered or even stopped uptake before the technology got established?