Update Secure Boot Cert Before It Expires(nochan.net)

3 pointsby Bender3 hours ago1 comment

Bender3 hours ago
I am honestly surprised this is not being discussed more. Many Linux systems may not be able to reboot after this coming June 26th, 2026. This even includes Microsoft Windows as sometimes windows update does not apply updates correctly or sometimes windows IT shops do not realize updates failed on some workstations and servers.
- zahlman2 hours ago
  There have been stories about this kind of certificate expiration before that turned out to be nothingburgers, incluing almost a year ago (https://lwn.net/Articles/1029767/). Mint has already fixed the issue for me; my one boot key shows as being issued by Canonical and not expiring until 2042. The forums are full of people suggesting to disable secure boot at installation anyway; I didn't even know about it at the time I installed, and never had a problem.
  For that matter, there are people successfully running new Linux on machines older than the expiring keys.
  Incidentally, `mokutil --sb-state` (and `--list-enrolled`) doesn't require root, at least on my system.
  - Bender2 hours ago
    It would be great if it turns out to be a nothingburger. Y2K was mostly a nothingburger. Of course if that is the case then secure boot need not even exist. Let's push to get rid of it along with any other cruft in the BIOS and OS.
    Updated to mention this may be a nothing-burger and removed sudo. Thank-you!